Description

WordPress Plugin Simple 301 Redirects-Addon-Bulk Uploader is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently redirect all pages and posts of the blog to a malicious website, or export and clear the plugin settings. WordPress Plugin Simple 301 Redirects-Addon-Bulk Uploader version 1.2.4 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.5 or latest

References

https://blog.nintechnet.com/unauthenticated-option-changes-in-wordpress-simple-301-redirects-addon-bulk-uploader-plugin/

https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/

https://plugins.svn.wordpress.org/simple-301-redirects-addon-bulk-uploader/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin MailPoet Newsletters (Previous) Multiple Unspecified Vulnerabilities (2.7.1)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43707)

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0983)

WordPress Plugin Zedna Contact form Directory Traversal (1.1)

Severity

High

Classification

CVE-2019-15776 CVE-2019-15818 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass