Medium severity5.3NVD Advisory· Published Jun 14, 2021· Updated Jun 17, 2026
CVE-2021-24359
CVE-2021-24359
Description
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Plus Addons for Elementor Page Builderdescription
- Range: <4.1.11
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/486b82d1-30d4-44d2-9542-f33e3f149e92nvdExploitThird Party Advisory
- theplusaddons.com/changelog/nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.