Lucene search

[email protected]CVE-2021-24358

HistoryJun 14, 2021 - 2:15 p.m.

CVE-2021-24358

2021-06-1414:15:00

CWE-601

[email protected]

web.nvd.nist.gov

cve-2021-24358

plus addons

elementor

page builder

wordpress

plugin

open redirect

security issue

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.

CPENameOperatorVersion
posimyth:the_plus_addons_for_elementorposimyth the plus addons for elementorlt4.1.10

CPE	Name	Operator	Version
posimyth:the_plus_addons_for_elementor	posimyth the plus addons for elementor	lt	4.1.10

References

theplusaddons.com/changelog/

wpscan.com/vulnerability/fd4352ad-dae0-4404-94d1-11083cb1f44d

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2021-24358

wpvulndb1 prion2 wpexploit1 nuclei1 cve1