CVE-2021-24358
First published: Mon Jun 14 2021(Updated: )
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Posimyth The Plus Addons For Elementor | <4.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24358?
CVE-2021-24358 is a vulnerability in the Plus Addons for Elementor Page Builder WordPress plugin before version 4.1.10 that allows an attacker to perform an Open Redirect attack.
What is the severity of CVE-2021-24358?
The severity of CVE-2021-24358 is medium with a CVSS score of 6.1.
How does CVE-2021-24358 affect software?
CVE-2021-24358 affects the Plus Addons for Elementor Page Builder WordPress plugin before version 4.1.10.
How can I fix CVE-2021-24358?
To fix CVE-2021-24358, upgrade to version 4.1.10 or later of the Plus Addons for Elementor Page Builder WordPress plugin.
What is an Open Redirect attack?
An Open Redirect attack is a vulnerability that allows an attacker to redirect a user to a malicious website, potentially leading to phishing attacks or the stealing of sensitive data.
- collector/nvd-index
- vendor/posimyth
- product/the plus addons for elementor
- canonical/posimyth the plus addons for elementor