Lucene search

WordfenceCVE-2021-4331

HistoryMar 07, 2023 - 3:15 p.m.

CVE-2021-4331

2023-03-0715:15:10

Wordfence

web.nvd.nist.gov

cve-2021-4331

plus addons

elementor

wordpress

plugin

vulnerability

privilege escalation

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).

Affected configurations

Nvd

Vulners

Node

posimyththe_plus_addons_for_elementorRange≤2.0.6freewordpress

posimyththe_plus_addons_for_elementorRange≤4.1.9prowordpress

VendorProductVersionCPE
posimyththe_plus_addons_for_elementor*cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:free:wordpress:*:*
posimyththe_plus_addons_for_elementor*cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:pro:wordpress:*:*

Vendor	Product	Version	CPE
posimyth	the_plus_addons_for_elementor	*	cpe:2.3:a:posimyth:the_plus_addons_for_elementor:::::free:wordpress::
posimyth	the_plus_addons_for_elementor	*	cpe:2.3:a:posimyth:the_plus_addons_for_elementor:::::pro:wordpress::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "The Plus Addons for Elementor Page Builder",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.1.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "posimyththemes",
    "product": "The Plus Addons for Elementor | FREE Elementor Widgets & Elementor Templates, Header Menu, Blog Post Builder, Dark Mode, Full-Page Scroll, Cross Domain Copy",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2514618%40the-plus-addons-for-elementor-page-builder&new=2514618%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/96388c82-2392-42b3-b0a0-c3d92910fb5c

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

Related for CVE-2021-4331