ThreatPress

WordPress Vulnerability Database

Back

WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.50 - Authenticated SQL Injection (SQLi) vulnerability

Product
301 Redirects
Description
Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Van Khanh in WordPress 301 Redirects – Easy Redirect Manager plugin (versions <= 2.50).
Solution
Update the WordPress 301 Redirects – Easy Redirect Manager plugin to the latest available version (at least 2.5.1).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
CVE
Vulnerability details
Plugin changelog
WPVDB ID
CVE
Name CVE-2021-24142
Versions
Affected In <= 2.50
Fixed In 2.5.1
Disclosure date
2021-01-18
Credits
Nguyen Van Khanh (SunCSR)