Duckdev 404 To 301 vulnerabilities
2 known vulnerabilities affecting duckdev/404_to_301.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2015-9323P2CRITICALCVSS 9.8PoCfixed in 2.0.32019-08-16
CVE-2015-9323 [CRITICAL] CWE-89 CVE-2015-9323: The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
nvd
CVE-2021-4338P4MEDIUMCVSS 5.4≤ 3.0.72023-06-07
CVE-2021-4338 [MEDIUM] CWE-284 CVE-2021-4338: The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability
The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections.
nvd