### [CVE-2021-24766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24766)
![](https://img.shields.io/static/v1?label=Product&message=404%20to%20301%20%E2%80%93%20Redirect%2C%20Log%20and%20Notify%20404%20Errors&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.0.9%3C%203.0.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)

### Description

The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack

### POC

#### Reference
- https://wpscan.com/vulnerability/cc13db1e-5f7f-49b2-81da-f913cfe70543

#### Github
No PoCs found on GitHub currently.