CVE-2024-1566

EUVD-2024-17310
The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
declaireredirects
𝑥
≤ 1.2.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mattdeclaireredirects
𝑥
≤ 1.2.1
ADP
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/browser/redirects/trunk/index.php#L118
https://www.wordfence.com/threat-intel/vulnerabilities/id/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=cve
https://plugins.trac.wordpress.org/browser/redirects/trunk/index.php#L118
https://www.wordfence.com/threat-intel/vulnerabilities/id/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=cve