Lucene search

[email protected]CVE-2021-24351

HistoryJun 14, 2021 - 2:15 p.m.

CVE-2021-24351

2021-06-1414:15:00

CWE-79

[email protected]

web.nvd.nist.gov

theplus addons

elementor

wordpress

cve-2021-24351

xss

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%

JSON

The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)

CPENameOperatorVersion
posimyth:the_plus_addons_for_elementorposimyth the plus addons for elementorlt4.1.12

CPE	Name	Operator	Version
posimyth:the_plus_addons_for_elementor	posimyth the plus addons for elementor	lt	4.1.12

References

theplusaddons.com/changelog/

wpscan.com/vulnerability/2ee62f85-7aea-4b7d-8b2d-5d86d9fb8016

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%

JSON

Related for CVE-2021-24351

nuclei1 prion1 wpvulndb1 wpexploit1