The Plus Addons for Elementor Page Builder < 4.1.10 – Open Redirect | CVE 2021-24358 | Plugin Vulnerabilities

Description

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.

Proof of Concept

The vulnerable code leading to the open redirect is in the function "redirect_to_tp_custom_password_reset" in "theplus_elementor_addon/includes/plus_addon.php"

The url : https://example.com/wp-login.php?action=theplusrp&key=&redirecturl=http://attacker.com&forgoturl=http://attacker.com&login=john

with John as a registered user on the WordPress blog, will redirect the user to http://attacker.com

Affects Plugins

theplus_elementor_addon

Fixed in 4.1.10

References

CVE

URL

https://theplusaddons.com/changelog/

Classification

Type

REDIRECT

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Nicolas Vidal from TEHTRIS

Verified

Yes

WPVDB ID

fd4352ad-dae0-4404-94d1-11083cb1f44d

Timeline

Publicly Published

2021-05-31 (about 4 years ago)

Added

2021-05-31 (about 4 years ago)

Last Updated

2021-05-31 (about 4 years ago)

Other

Published

Title

Published

2023-10-06

Title

affiliate-toolkit – WordPress Affiliate Plugin < 3.4.0 - Open Redirect via atkpout.php

Published

2024-04-12

Title

Freshdesk (official) < 2.4.0 - Open Redirect

Published

2023-10-12

Title

Responsive Column Widgets <= 1.2.7 - Open Redirect via responsive_column_widgets_link

Published

2016-04-25

Title

The Events Calendar <= 4.1.1 - Open Redirect

Published

2025-03-11

Title

AS English Admin <= 1.0.0 - Open Redirection