CVE-2021-4447

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/be098ee9-b749-4908-85e8-e717d019609a?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:lite:wordpress:*:*

History

No history.

Information

Published : 2024-10-16 07:15

Updated : 2025-01-10 14:39

NVD link : CVE-2021-4447

Mitre link : CVE-2021-4447

CVE.ORG link : CVE-2021-4447

JSON object : View

Products Affected

wpdeveloper

essential_addons_for_elementor

CWE

CWE-862

Missing Authorization

{"id": "CVE-2021-4447", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-10-16T07:15:10.687", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be098ee9-b749-4908-85e8-e717d019609a?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user."}, {"lang": "es", "value": "El complemento Essential Addons for Elementor para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 4.6.4 incluida debido a la falta de restricciones sobre qui\u00e9n puede agregar un formulario de registro y un rol de registro personalizado a una p\u00e1gina creada con Elementor. Esto hace posible que los atacantes con acceso al generador de p\u00e1ginas de Elementor creen un nuevo formulario de registro que tenga como rol de usuario predeterminado el de administrador y, posteriormente, se registren como usuarios administrativos."}], "lastModified": "2025-01-10T14:39:08.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:lite:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2BD6544D-1249-468A-BEF0-3757C7E6A52C", "versionEndExcluding": "4.6.5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}