CVE-2024-1566 in Redirects Plugininfo

Summary

by MITRE • 02/28/2024

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 04/12/2026

The CVE-2024-1566 vulnerability affects the Redirects plugin for WordPress, representing a critical authorization flaw that undermines the integrity of redirect configurations. This vulnerability stems from a fundamental missing capability check within the plugin's save function, which is present in all versions up to and including 1.2.1. The absence of proper authentication verification creates an exploitable condition that allows any unauthenticated user to manipulate redirect rules, effectively bypassing the normal access controls that should protect administrative functions.

The technical flaw manifests as a failure to validate user permissions before allowing modifications to redirect configurations. This missing capability check represents a direct violation of the principle of least privilege, where the system fails to verify that the requesting entity possesses the necessary authorization level to perform the requested operation. The vulnerability resides in the plugin's backend processing logic, specifically in the data persistence layer where redirect rules are saved to the WordPress database. Attackers can exploit this weakness by crafting malicious requests that target the plugin's save endpoint, thereby enabling them to modify existing redirect rules or create new ones without proper authentication.

The operational impact of this vulnerability extends beyond simple data modification, creating significant security risks for WordPress installations. Unauthenticated attackers can leverage this flaw to redirect users to phishing sites, malicious web pages, or any other destination they choose, potentially leading to credential theft, malware distribution, or other malicious activities. The vulnerability's implications are particularly concerning because redirect plugins are commonly used to manage website navigation, SEO optimization, and user experience flows. When compromised, these redirect rules can become powerful attack vectors that affect the entire website ecosystem and potentially impact multiple users simultaneously.

This vulnerability aligns with CWE-285, which addresses improper authorization issues in software systems, and represents a classic case of insufficient access control validation. The flaw also correlates with ATT&CK technique T1071.004, which involves application layer protocol manipulation, as attackers can manipulate the application's redirect functionality to achieve their malicious objectives. Organizations using affected WordPress installations face heightened risk of social engineering attacks, as the compromised redirect functionality can be used to create convincing phishing campaigns that appear legitimate to end users. The vulnerability's exploitation does not require any special privileges or technical expertise, making it particularly dangerous as it can be leveraged by threat actors with minimal skill levels.

Mitigation strategies should prioritize immediate plugin updates to versions that address the capability check deficiency, as vendors typically release patches to resolve such authorization flaws. Administrators should also implement additional security measures including network-level restrictions, monitoring for unauthorized configuration changes, and regular security audits of plugin installations. The vulnerability underscores the importance of proper input validation and access control mechanisms in web applications, particularly those handling user-facing configuration options. Organizations should also consider implementing web application firewalls and intrusion detection systems to monitor for exploitation attempts targeting known vulnerabilities in WordPress plugins. Regular security assessments and vulnerability scanning of WordPress installations remain essential practices to identify and remediate similar authorization flaws before they can be exploited by malicious actors.

Responsible

Wordfence

Reservation

02/15/2024

Disclosure

02/28/2024

Moderation

accepted

CPE

ready

EPSS

0.00530

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!