CVE-2021-24359 The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could b...

CVE-2021-24358

WordPress Plus Addons for Elementor Page Builder prior to 4.1.10 is vulnerable to an Open Redirect when a crafted URL is used to pass an unvalidated redirect parameter. The issue arises from failing to validate the redirect target before redirecting, enabling potential abuse for phishing or to le...

CVE-2021-24351 The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)

The theplusmorepost AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users...

Elementor Page Builder WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Elementor Page Builder WordPress, which stems from a...

WordPress plugin Plus Addons for Elementor Page Builder 授权问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in Plus Addons for Elementor Page Builder WordPress plugin versions...

Plus Addons for Elementor Page Builder WordPress plugin 输入验证错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the Plus Addons for Elementor Page Builder WordPress plugin prior...

PT-2021-15895 · WordPress · The Plus Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder WordPress plugin versions prior to 4.1.11 Description: The issue allows an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site, as the plugin did n...

The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)

The theplusmorepost AJAX action of the plugin did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

CVE-2021-24266

The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

WordPress Plus Addonsfor Elementor 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress The Plus Addons for Elementor Page Builder Lite Plugin versions prior to 2.0.6. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

CVE-2021-24175

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...

CVE-2021-24175 The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...

PT-2021-15721

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder WordPress plugin versions prior to 4.1.7 Description: The issue allows malicious actors to bypass authentication, enabling unauthenticated users to log in as any user, including admin, by providing t...

WordPress The Plus Addons for Elementor插件身份验证绕过漏洞（CVE-2021-24175）

...

VulnCheck KEV: CVE-2021-24175

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...