Description

WordPress Plugin The Plus Addons for Elementor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently send arbitrary reset password emails to registered users on behalf of the WordPress site. WordPress Plugin The Plus Addons for Elementor version 4.1.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.1.11 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:486B82D1-30D4-44D2-9542-F33E3F149E92

https://theplusaddons.com/changelog/

Related Vulnerabilities

WordPress Plugin 3DPrint Lite Cross-Site Scripting (1.9.1.5)

PHP NULL Pointer Dereference Vulnerability (CVE-2018-10548)

WordPress Plugin Billplz for WooCommerce Unspecified Vulnerability (3.10)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.7.5)

WordPress Plugin Appointment Booking Calendar SQL Injection (1.1.23)

Severity

High

Classification

CVE-2021-24359 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass