id: CVE-2021-24175

info:
  name: The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
  author: pussycat0x
  severity: critical
  description: |
    The Plus Addons for Elementor plugin (before version 4.1.7) allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive.
  impact: |
    Unauthenticated attackers can bypass authentication, gain administrator access, and create elevated privilege accounts even when registration is disabled, leading to complete WordPress site takeover.
  remediation: Fixed in 4.1.7
  reference:
    - https://wpscan.com/vulnerability/c311feef-7041-4c21-9525-132b9bd32f89/
    - https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-elementor-allows-site-takeover/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24175
    cwe-id: CWE-287
    epss-score: 0.89621
    epss-percentile: 0.99579
    cpe: cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
    vendor: posimyth
    product: the_plus_addons_for_elementor
    framework: wordpress
  tags: cve,cve2021,wordpress,wp-theme,wpscan,elementor,plus-addons,passive,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, 'The Plus Addons for Elementor')"
          - "compare_versions(version, '< 4.1.7')"
        condition: and

    extractors:
      - type: regex
        part: body
        group: 1
        name: version
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true
# digest: 4a0a00473045022100aedf17f66542e641f26b91fe08630695433382b6af50338f6f8c769b9d0aa4e602201e19fd89fdd5788c57ff0f501c8ff8188d646ba8f9773b8de0a1b1570fbfacd9:922c64590222798bb761d5b6d8e72950