Recently, Wordfence’s Threat Intelligence team announced details about a vulnerability found and patched in the BetterLinks’ Simple 301 Redirects plugin, which is used by over 300K WordPress websites.
One of the vulnerabilities in the plugin made it possible for unauthenticated users to update redirects, allowing an attacker to send all of a site's traffic to an external, malicious site. The remaining flaws allowed authenticated users to install and activate plugins and to perform other, less critical actions.
BetterLinks’ Simple 301 Redirects plugin allows WordPress sites to create 301 redirects. As part of version 2.0.0, the plugin was enhanced, and several new features were added. The update included a new feature that allowed users to import and export redirects. Unfortunately, a security hole was found in this functionality.
This vulnerability is rated as 'Critical' on PatchStack (Score: 9.9). By exploiting this vulnerability, an authenticated attacker could install and activate any plugin. Additionally, an attacker could install a plugin with a more severe vulnerability in order to infect the vulnerable site further and escalate privileges.
Wordfence Threat Intelligence contacted the plugin’s developer on April 8, 2021. As soon as the appropriate communication channel had been established, the full disclosure details were provided on April 11, 2021.
Severe vulnerabilities have been patched in Simple 301 Redirects by BetterLinks, a plugin used by over 300,000 WordPress sites. Some of these vulnerabilities made it possible for unauthenticated attackers to redirect all of a site's visitors. https://t.co/HmRlmN8fMf
— Wordfence (@wordfence) May 26, 2021
The first patch for the plugin was released on April 15, 2021, and the final patch was released as version 2.0.4 on May 5, 2021.
We strongly recommend that you update the WordPress Simple 301 Redirects by BetterLinks plugin to the latest available version (at least v2.0.4) to keep your website safe from attackers.
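A version check a site administrator can run against the plugin's main PHP file to confirm it is at or above v2.0.4, written for this article as an added example (it is not Wordfence's or BetterLinks' code). The sample plugin header is constructed, and the file path in the comment is a placeholder for the real plugin file under wp-content/plugins.

```python
import re
from pathlib import Path

# Earliest fully patched release named on the page (v2.0.4, released May 5, 2021).
MIN_SAFE_VERSION = "2.0.4"

# WordPress reads plugin metadata from "Key: value" lines in the comment block at the
# top of the plugin's main PHP file; this mirrors the pattern WordPress itself uses.
_VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE)

def parse_version(php_source: str):
    """Return the Version header value from a plugin's main PHP file, or None if absent."""
    m = _VERSION_HEADER.search(php_source)
    return m.group(1).strip() if m else None

def version_key(version: str):
    """Sortable key: numeric components padded to four places, then a release flag
    (0 for pre-release suffixes such as '-beta1', 1 for a plain release)."""
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * max(0, 4 - len(nums))
    return tuple(nums) + ((0 if m.group(2).strip() else 1),)

def is_patched(version: str, minimum: str = MIN_SAFE_VERSION) -> bool:
    """True when the installed version is at or above the first fully patched release."""
    return version_key(version) >= version_key(minimum)

def check_plugin_file(path) -> dict:
    """Read a plugin's main file and report its version and patch status."""
    version = parse_version(Path(path).read_text(encoding="utf-8", errors="replace"))
    return {"version": version, "patched": version is not None and is_patched(version)}

# Constructed sample header (not the real plugin file) so the check can run offline.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Simple 301 Redirects
 * Version: 2.0.3
 */
"""

if __name__ == "__main__":
    v = parse_version(SAMPLE_HEADER)
    print(f"sample header: version {v}, patched={is_patched(v)}")
    # Real use (placeholder path; point it at the plugin's main file on your site):
    # print(check_plugin_file("/var/www/html/wp-content/plugins/PLUGIN_DIR/MAIN_FILE.php"))
```

Pre-release suffixes are deliberately ranked below the plain release, so a "2.0.4-beta1" build is reported as unpatched.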