PT-2021-15721 · WordPress · The Plus Addons For Elementor Page Builder

Antony Booker +1 · Published 2021-04-05 · Updated 2025-09-24 · CVE-2021-24175

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder WordPress plugin versions prior to 4.1.7
Description: The issue allows malicious actors to bypass authentication, enabling unauthenticated users to log in as any user, including admin, by providing the related username. Additionally, it allows the creation of accounts with arbitrary roles, such as admin. This can be exploited even if registration is disabled and the Login widget is not active.
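Recommendations: Update to version 4.1.7 or later to resolve the issue. As a temporary workaround, consider disabling the Login widget and restricting user registration to minimize the risk of exploitation. Because the description states that the issue can be exploited even if registration is disabled and the Login widget is not active, these measures do not replace the update.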

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2021-24175

Affected Products: The Plus Addons For Elementor Page Builder