Vulnerabilities > Posimyth > THE Plus Addons FOR Elementor > 3.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-14 | CVE-2021-24358 | Unspecified vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. | 6.1 |
| 2021-06-14 | CVE-2021-24359 | Improper Authentication vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. | 5.3 |
| 2021-04-05 | CVE-2021-24175 | Improper Authentication vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. | 9.8 |