CVE-2021-24175
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled and the Login widget is not active.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-01-14 CVE Reserved
- 2021-03-08 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-01-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://posimyth.ticksy.com/ticket/2713734 | Broken Link | |
https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-elementor-allows-site-takeover | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/c311feef-7041-4c21-9525-132b9bd32f89 | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Posimyth | The Plus Addons For Elementor | < 4.1.7 | wordpress | Affected |