WordPress Plugin Vulnerabilities

ElementsReady Addons for Elementor 6.4.2 - Open Redirect

Description

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Open Redirect in version 6.4.2. This is due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
element-ready-lite
Fixed in 6.4.3

References

CVE
CVE-2024-47353
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7dff9b5f-def3-420b-a28f-e0d225747c52

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
ardias
Verified
No
WPVDB ID
4d6ac906-86a3-4ade-95db-77e9f48145bd

Timeline

Publicly Published
2024-09-30 (about 1 year ago)
Added
2024-10-10 (about 1 year ago)
Last Updated
2024-10-10 (about 1 year ago)

Other

Published
Title
Published
2025-08-14
Title
elink <= 1.1.0 - Contributor+ Arbitrary Redirect
Published
2024-12-05
Title
Login Widget With Shortcode <= 6.1.2 - Open Redirect
Published
2019-10-21
Title
Bridge Theme < 18.2.1 - Open Redirect
Published
2022-03-29
Title
English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
Published
2025-05-20
Title
Affiliate Sales in Google Analytics and other tools < 2.0.1 - Open Redirect