WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

Description

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.

Proof of Concept

The vulnerable code leading to the open redirect is in the function "redirect_to_tp_custom_password_reset" in "theplus_elementor_addon/includes/plus_addon.php"

The url : https://example.com/wp-login.php?action=theplusrp&key=&redirecturl=http://attacker.com&forgoturl=http://attacker.com&login=john

with John as a registered user on the WordPress blog, will redirect the user to http://attacker.com

Affects Plugins

theplus_elementor_addon
Fixed in version 4.1.10

References

CVE
CVE-2021-24358
URL
https://theplusaddons.com/changelog/

Classification

Type

REDIRECT

OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Original Researcher

Nicolas Vidal from TEHTRIS

Verified

Yes

WPVDB ID
fd4352ad-dae0-4404-94d1-11083cb1f44d

Timeline

Publicly Published

2021-05-31 (about 1 years ago)

Added

2021-05-31 (about 1 years ago)

Last Updated

2021-05-31 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin