Vulnerability Description
The Plus Addons for Elementor plugin (before version 4.1.7) allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive.
id: CVE-2021-24175
info:
  name: The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
  author: pussycat0x
  severity: critical
  description: |
    The Plus Addons for Elementor plugin (before version 4.1.7) allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive.
  impact: |
    Unauthenticated attackers can bypass authentication, gain administrator access, and create elevated privilege accounts even when registration is disabled, leading to complete WordPress site takeover.
  remediation: Fixed in 4.1.7
  reference:
    - https://wpscan.com/vulnerability/c311feef-7041-4c21-9525-132b9bd32f89/
    - https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-elementor-allows-site-takeover/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24175
    cwe-id: CWE-287
    epss-score: 0.82056
    epss-percentile: 0.99172
    cpe: cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
    vendor: posimyth
    product: the_plus_addons_for_elementor
    framework: wordpress
  tags: cve,cve2021,wordpress,wp-theme,wpscan,elementor,plus-addons,passive,vkev,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt"
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, 'The Plus Addons for Elementor')"
          - "compare_versions(version, '< 4.1.7')"
        condition: and
    extractors:
      - type: regex
        part: body
        group: 1
        name: version
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true
# digest: 4a0a0047304502207ce2f4df885d0806a200cb22945562a94fb4f41497e1350e07d73a2eb05f2b35022100af13a5faabbc11b3037aa36d3403a522fae2c63e158c166e3db97e6060494842:922c64590222798bb761d5b6d8e72950
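The template's three conditions (HTTP 200, plugin name in the body, `Stable tag` below 4.1.7) can be reproduced offline when auditing readme.txt files collected from your own sites. The Python below is an added example, not part of the original template; the function names and the sample readme bodies are constructed for illustration, and the numeric comparison is this example's own, not a claim about how `compare_versions` is implemented.

```python
import re

FIXED_VERSION = "4.1.7"  # from the template's remediation field
PLUGIN_MARKER = "The Plus Addons for Elementor"
STABLE_TAG_RE = re.compile(r"Stable tag: ([0-9.]+)")  # the template's extractor regex


def parse_version(text):
    """Turn '4.1.10' into (4, 1, 10); empty components are ignored."""
    return tuple(int(p) for p in text.split(".") if p)


def is_older(version, fixed=FIXED_VERSION):
    """Numeric, component-wise comparison with zero padding (4.1 == 4.1.0)."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def assess_readme(status_code, body):
    """Return 'vulnerable', 'patched' or 'unknown' for one readme.txt response."""
    if status_code != 200 or PLUGIN_MARKER not in body:
        return "unknown"
    match = STABLE_TAG_RE.search(body)
    if not match or not parse_version(match.group(1)):
        return "unknown"  # e.g. 'Stable tag: trunk' or a stripped readme
    return "vulnerable" if is_older(match.group(1)) else "patched"


# Constructed sample responses: (status code, readme.txt body).
HEADER = "=== The Plus Addons for Elementor ===\n"
SAMPLES = {
    "old": (200, HEADER + "Stable tag: 4.1.6\n"),
    "fixed": (200, HEADER + "Stable tag: 4.1.7\n"),
    "two_digit": (200, HEADER + "Stable tag: 4.1.10\n"),  # must not sort as text
    "short": (200, HEADER + "Stable tag: 4.1\n"),
    "trunk": (200, HEADER + "Stable tag: trunk\n"),
    "blocked": (403, "Forbidden"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name:10} {assess_readme(status, body)}")
```

A result of `unknown` means the readme could not be read or parsed, not that the plugin is patched; confirm the installed version from the WordPress admin or the plugin's files in that case.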