CVE-2021-24280: 
WordPress vulnerability analysis and mitigation

CVE-2021-24280 is a vulnerability discovered in the Redirection for Contact Form 7 WordPress plugin versions before 2.3.4. The vulnerability was identified on January 14, 2021, and publicly disclosed on April 20, 2021. This security issue affects WordPress installations using the vulnerable plugin versions (CVE MITRE, WPScan).

The vulnerability is classified as a PHP Object Injection vulnerability with a CVSS score of 7.5 (High). It is categorized under OWASP Top 10 as A8: Insecure Deserialization and CWE-502. The issue allows any authenticated user, including those with subscriber-level access, to exploit the importfromdebug AJAX action to inject PHP objects into the application (Wordfence, WPScan).

The vulnerability could potentially allow authenticated attackers to execute arbitrary code on the affected WordPress installations, leading to possible server compromise and unauthorized access to sensitive information (Wordfence).

The vulnerability has been patched in version 2.3.4 of the Redirection for Contact Form 7 plugin. Site administrators are strongly advised to update to this version or later to mitigate the risk (WPScan).