ByteOS Network

404_to_301

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2021-4338

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.11% / 29.30%

7 Day CHG~0.00%

Published-07 Jun, 2023 | 01:51

Updated-20 Dec, 2024 | 23:56

The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections.

Vendor-duckdev joelcj91

Product-404_to_301 404 to 301 – Redirect, Log and Notify 404 Errors

CWE ID-CWE-862

Missing Authorization

CVE-2021-24766

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 34.66%

7 Day CHG~0.00%

Published-08 Nov, 2021 | 17:35

Updated-03 Aug, 2024 | 19:42

404 to 301 < 3.0.9 - Logs Deletion via CSRF

The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack

Vendor-404_to_301_project Unknown

Product-404_to_301 404 to 301 – Redirect, Log and Notify 404 Errors

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2015-9323

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-63.26% / 98.33%

7 Day CHG~0.00%

Published-16 Aug, 2019 | 20:12

Updated-06 Aug, 2024 | 08:43

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

Vendor-duckdev n/a

Product-404_to_301 n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')