Lucene search
WPScanCVELIST:CVE-2021-24359HistoryJun 14, 2021 - 1:37 p.m.
CVE-2021-24359 The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
2021-06-1413:37:14
CWE-284
WPScan
www.cve.org
3
cve-2021-24359
plus addons
elementor page builder
arbitrary reset
password email sending
wordpress plugin
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover.
CNA Affected
[
{
"product": "The Plus Addons for Elementor Page Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.1.11",
"status": "affected",
"version": "4.1.11",
"versionType": "custom"
}
]
}
]Related
prion
prion
Open redirect
2021-06-14 14:15:00
Open redirect
2021-06-14 14:15:00
cve
cve
CVE-2021-24359
2021-06-14 14:15:08
CVE-2021-24358
2021-06-14 14:15:08
nvd
nvd
CVE-2021-24359
2021-06-14 14:15:08
CVE-2021-24358
2021-06-14 14:15:08
cvelist
cvelist
wpvulndb
wpvulndb
wpexploit
wpexploit
nuclei
nuclei
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2022-02-12 16:41:04