Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveWPScanCVE-2021-24359
HistoryJun 14, 2021 - 2:15 p.m.

CVE-2021-24359

2021-06-1414:15:08
CWE-287
CWE-284
WPScan
web.nvd.nist.gov
37
6
cve-2021-24359
elementor
wordpress
plugin
security vulnerability
password reset
account takeover

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

72.2%

JSON

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover.

Affected configurations

Nvd
Vulners
Node
posimyththe_plus_addons_for_elementorRange<4.1.11wordpress
VendorProductVersionCPE
posimyththe_plus_addons_for_elementor*cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "product": "The Plus Addons for Elementor Page Builder",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.1.11",
        "status": "affected",
        "version": "4.1.11",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

cvelist 2
nvd 2
prion 2
wpvulndb 2
wpexploit 2
cve 1
nuclei 1
cvelist
cvelist
CVE-2021-24359 The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
2021-06-14 13:37:14
CVE-2021-24358 The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2021-06-14 13:37:14
nvd
nvd
CVE-2021-24359
2021-06-14 14:15:08
CVE-2021-24358
2021-06-14 14:15:08
prion
prion
Open redirect
2021-06-14 14:15:00
Open redirect
2021-06-14 14:15:00
wpvulndb
wpvulndb
The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
2021-05-31 00:00:00
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2021-05-31 00:00:00
wpexploit
wpexploit
The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
2021-05-31 00:00:00
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2021-05-31 00:00:00
cve
cve
CVE-2021-24358
2021-06-14 14:15:08
nuclei
nuclei
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2022-02-12 16:41:04

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

72.2%

JSON
Related for CVE-2021-24359
cvelist2nvd2prion2wpvulndb2wpexploit2cve1nuclei1