2 matches found
CVE-2021-24359 The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could b...
CVE-2021-24359
The CVE-2021-24359 issue affects the Plus Addons for Elementor Page Builder WordPress plugin prior to version 4.1.11. The vulnerability allows an attacker to abuse a password-reset request to send an arbitrary reset email to a registered user, potentially enabling account takeover when combined w...