SB2019081006 - Multiple vulnerabilities in Simple 301 Redirects Addon Bulk Uploader plugin for WordPress
Published: August 10, 2019 Updated: August 26, 2019
Security Bulletin ID
SB2019081006
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Improper Privilege Management (CVE-ID: N/A)
The vulnerability allows a remote attacker to escalate privilege on the target system.
The vulnerability exists due to a missing capability check in the "update_option" function. A remote unauthenticated attacker can upload a CSV file of redirect rules and make all pages redirect to a malicious website via the "Location:" header.
2) Improper Privilege Management (CVE-ID: N/A)
The vulnerability allows a remote attacker to escalate privilege on the target system.
The vulnerability exists due to a missing capability check in the "export_bulk_redirects" and "clear_301_redirects" functions. A remote authenticated attacker can trigger the "admin_action_*" hook by accessing the following URLs and export or clear the plugin settings:
wp-admin/admin.php?action=bulk301export
wp-admin/admin.php?action=bulk301clearlist
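Both findings share one root cause: an "admin_action_*" handler performs a privileged operation without first checking the caller's capability. The following is an added illustration of the hardened handler pattern for this class of defect; it is not code from the plugin, and the action name, nonce action and option key are assumptions.

```php
<?php
// Added illustration (not the plugin's code): a "clear redirect list" handler
// wired to admin.php?action=... that verifies capability and nonce before it
// touches any option. The action name, nonce action and option key are assumed.

// The link that triggers the action must carry a nonce, e.g. built with:
//   wp_nonce_url( admin_url( 'admin.php?action=example301clearlist' ), 'example301_clear' );
add_action( 'admin_action_example301clearlist', 'example301_clear_list' );

function example301_clear_list() {
    // 1. Capability check. This is the check the bulletin reports as missing:
    //    without it, any logged-in user reaching admin.php can run the action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to do this.', 'example301' ), 403 );
    }

    // 2. Nonce check: ties the request to a link the administrator actually
    //    followed, so a capability holder cannot be made to trigger it by CSRF.
    check_admin_referer( 'example301_clear' );

    // 3. Only now perform the privileged state change.
    delete_option( 'example301_redirects' );

    // Return the user to the settings page rather than leaving a blank admin.php.
    wp_safe_redirect( add_query_arg( 'cleared', '1', admin_url( 'options-general.php?page=example301' ) ) );
    exit;
}
```

The same two checks belong in front of any export handler and in front of the CSV upload path that writes redirect rules, since each of those is a privileged state read or change.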
Remediation
Install the update from the vendor's website.