CVE-2021-24243

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:52

Type Values Removed Values Added
References () https://codecanyon.net/item/visual-composer-clipboard/8897711 - Product, Third Party Advisory () https://codecanyon.net/item/visual-composer-clipboard/8897711 - Product, Third Party Advisory
References () https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3 - Exploit, Third Party Advisory

Information

Published : 2021-05-06 13:15

Updated : 2024-11-21 05:52


NVD link : CVE-2021-24243

Mitre link : CVE-2021-24243

CVE.ORG link : CVE-2021-24243


JSON object : View

Products Affected

wpbakery_page_builder_clipboard_project

  • wpbakery_page_builder_clipboard
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')