WordPress Plugin Vulnerabilities

The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

Description

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.

Proof of Concept

The vulnerable code leading to the open redirect is in the function "redirect_to_tp_custom_password_reset" in "theplus_elementor_addon/includes/plus_addon.php"

The url : https://example.com/wp-login.php?action=theplusrp&key=&redirecturl=http://attacker.com&forgoturl=http://attacker.com&login=john

with John as a registered user on the WordPress blog, will redirect the user to http://attacker.com

Affects Plugins

Plugin icon
theplus_elementor_addon
Fixed in 4.1.10

References

CVE
CVE-2021-24358
URL
https://theplusaddons.com/changelog/

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nicolas Vidal from TEHTRIS
Verified
Yes
WPVDB ID
fd4352ad-dae0-4404-94d1-11083cb1f44d

Timeline

Publicly Published
2021-05-31 (about 2 years ago)
Added
2021-05-31 (about 2 years ago)
Last Updated
2021-05-31 (about 2 years ago)

Other

Published
Title
Published
2015-05-29
Title
Wow Moodboard Lite <= 1.1.1.1 - Open Redirect
Published
2024-04-11
Title
FV Flowplayer Video Player < 7.5.45.7212 - Authenticated (Contributor+) Arbitrary Redirect
Published
2021-02-16
Title
Ninja Forms < 3.4.34 - Administrator Open Redirect
Published
2023-01-06
Title
miniOrange WordPress SAML SSO Standard < 16.0.8 - Open Redirect in SSO login
Published
2018-01-01
Title
furikake - Unauthenticated Open Redirect