CVE-2021-24175
Published 2021-04-05
Priority: P184 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 14.46% (96.2th percentile)
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| posimyth | the_plus_addons_for_elementor | < 4.1.7 | 4.1.7 |
Detection & IOCs
- Detect vulnerable plugin version by fetching readme.txt and extracting 'Stable tag' version string; flag if version is less than 4.1.7
- HTTP GET request to /wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt returning HTTP 200 and containing 'The Plus Addons for Elementor' indicates a potentially vulnerable installation
- Use FOFA query 'body="/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"' to identify internet-exposed WordPress sites with the vulnerable plugin installed
- Extract version from readme.txt using regex 'Stable tag: ([0-9.]+)' and compare against the fixed version 4.1.7
- The authentication bypass is exploitable even when user registration is disabled and the Login widget is not active; do not rely on those controls as mitigations
- The vulnerability allows unauthenticated login as any user including admin by supplying only a username, and also permits creation of accounts with arbitrary roles such as admin
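The readme check described in the list above, as an added example (not code from this page or from any of the cited sources): it applies the 'Stable tag' regex and a numeric comparison against 4.1.7 to readme.txt files on local disk. The function names, status strings and sample readme text are assumptions constructed for illustration.

```python
import re
from pathlib import Path

FIXED = (4, 1, 7)  # first patched release, per the advisory
MARKER = "The Plus Addons for Elementor"
README = "wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt"
STABLE_TAG = re.compile(r"^\s*Stable tag:\s*([0-9]+(?:\.[0-9]+)*)\s*$", re.I | re.M)

# Constructed sample readme headers (not copied from any real release).
SAMPLES = {
    "old": "=== The Plus Addons for Elementor ===\nStable tag: 4.1.6\n",
    "fixed": "=== The Plus Addons for Elementor ===\nStable tag: 4.1.7\n",
    "later": "=== The Plus Addons for Elementor ===\nStable tag: 4.1.10\n",
    "trunk": "=== The Plus Addons for Elementor ===\nStable tag: trunk\n",
}


def parse_version(text):
    """'4.1.10' -> (4, 1, 10); padded to three parts so 4.1 equals 4.1.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(readme_text):
    """Return (status, version_string) for the contents of a readme.txt."""
    if MARKER not in readme_text:
        return ("not-this-plugin", None)
    match = STABLE_TAG.search(readme_text)
    if not match:  # e.g. 'Stable tag: trunk', or the header is missing
        return ("unknown", None)
    # Compare as integer tuples: as strings, '4.1.10' would sort below '4.1.7'.
    status = "vulnerable" if parse_version(match.group(1)) < FIXED else "patched"
    return (status, match.group(1))


def audit_install(wp_root):
    """Check one WordPress document root on local disk."""
    path = Path(wp_root) / README
    if not path.is_file():
        return ("not-installed", None)
    return classify(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify(text))
```

The 'Stable tag' header can lag behind the installed code; the `Version:` header in the plugin's main PHP file is what WordPress itself reports, so treat an "unknown" or unexpected result as a prompt to check that file.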
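CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |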
GHSA
GHSA-fpx3-pcr2-8rvr: The Plus Addons for Elementor Page Builder WordPress plugin before 4
ghsa_unreviewed·2022-05-24
CVE-2021-24175 [CRITICAL] CWE-287 GHSA-fpx3-pcr2-8rvr: The Plus Addons for Elementor Page Builder WordPress plugin before 4
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active.
VulnCheck
posimyth the_plus_addons_for_elementor Improper Authentication
vulncheck·2021·CVSS 9.8
CVE-2021-24175 [CRITICAL] posimyth the_plus_addons_for_elementor Improper Authentication
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active.
Affected: posimyth the_plus_addons_for_elementor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-
No detection rules found.
Nuclei
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
nuclei·CVSS 9.8
CVE-2021-24175 [CRITICAL] The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
The Plus Addons for Elementor plugin (before version 4.1.7) allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive.
Template:

```yaml
id: CVE-2021-24175

info:
  name: The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
  author: pussycat0x
  severity: critical
  description: |
    The Plus Addons for Elementor plugin (before version 4.1.7) allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive.
  impact: |
    Unauthenticated attackers can bypass authentication, gain administrator
```
No writeups or analysis indexed.
- https://posimyth.ticksy.com/ticket/2713734/
- https://wpscan.com/vulnerability/c311feef-7041-4c21-9525-132b9bd32f89
- https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-elementor-allows-site-takeover/