The Plus Addons for Elementor
cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:wordpress:*:*, +1 more
- <= 6.4.7
A vulnerability exists in The Plus Addons for Elementor WordPress plugin, specifically in versions through 6.4.7. The issue arises from the plugin's AJAX handler, which decrypts and trusts email routing data controlled by attackers, without proper authentication. This flaw allows unauthenticated attackers to manipulate email redirection and routing, potentially leading to unauthorized email being sent or redirected.
Exploitation of this vulnerability could result in unauthorized email relay and redirection, allowing attackers to control where emails are sent or how they are received.
Users are advised to update the plugin to version 6.4.8 or a newer patched version.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.