Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:FD4352AD-DAE0-4404-94D1-11083CB1F44D
HistoryMay 31, 2021 - 12:00 a.m.

The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

2021-05-3100:00:00
wpscan.com
11

0.003 Low

EPSS

Percentile

71.1%

JSON

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.

PoC

The vulnerable code leading to the open redirect is in the function “redirect_to_tp_custom_password_reset” in “theplus_elementor_addon/includes/plus_addon.php” The url : https://example.com/wp-login.php?action=theplusrp&amp;key;=&amp;redirecturl;=http://attacker.com&amp;forgoturl;=http://attacker.com&amp;login;=john with John as a registered user on the WordPress blog, will redirect the user to http://attacker.com

CPENameOperatorVersion
theplus_elementor_addonlt4.1.10

Related

nvd 2
cve 2
cvelist 2
prion 2
nuclei 1
wpexploit 1
nvd
nvd
CVE-2021-24358
2021-06-14 14:15:08
CVE-2021-24359
2021-06-14 14:15:08
cve
cve
CVE-2021-24358
2021-06-14 14:15:08
CVE-2021-24359
2021-06-14 14:15:08
cvelist
cvelist
CVE-2021-24358 The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2021-06-14 13:37:14
CVE-2021-24359 The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
2021-06-14 13:37:14
prion
prion
Open redirect
2021-06-14 14:15:00
Open redirect
2021-06-14 14:15:00
nuclei
nuclei
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2022-02-12 16:41:04
wpexploit
wpexploit
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
2021-05-31 00:00:00

0.003 Low

EPSS

Percentile

71.1%

JSON
Related for WPVDB-ID:FD4352AD-DAE0-4404-94D1-11083CB1F44D
nvd2cve2cvelist2prion2nuclei1wpexploit1