Description

WordPress Plugin The Plus Addons for Elementor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently send arbitrary reset password emails to registered users on behalf of the WordPress site. WordPress Plugin The Plus Addons for Elementor version 4.1.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.1.11 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:486B82D1-30D4-44D2-9542-F33E3F149E92

https://theplusaddons.com/changelog/

Related Vulnerabilities

WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Request Forgery (4.3.24)

Squid CVE-2018-1000024 Vulnerability (CVE-2018-1000024)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-1397)

OpenSSL Other Vulnerability (CVE-2004-0081)

GlassFish CVE-2016-5519 Vulnerability (CVE-2016-5519)

Severity

High

Classification

CVE-2021-24359 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass