Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin The Plus Addons for Elementor Open Redirect (4.1.9) - Vulnerability Database

WordPress Plugin The Plus Addons for Elementor Open Redirect (4.1.9)

Description

WordPress Plugin The Plus Addons for Elementor is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin The Plus Addons for Elementor version 4.1.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.1.10 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:FD4352AD-DAE0-4404-94D1-11083CB1F44D
https://theplusaddons.com/changelog/

Related Vulnerabilities

WordPress Plugin Daily Inspiration Generator Open Redirect (2.0) High
Common tags: Missing Update Url Redirection
WordPress Plugin Ad-Manager Open Redirect (1.1.2) High
Common tags: Missing Update Url Redirection
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Open Redirect (2.0.5) High
Common tags: Missing Update Url Redirection
WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) Open Redirect (2.0.1) High
Common tags: Missing Update Url Redirection
WordPress Plugin Password Protected Open Redirect (1.4) High
Common tags: Missing Update Url Redirection

Severity

High

Classification

CVE-2021-24358
CWE-601
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update
Url Redirection