An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
References
Link | Resource |
---|---|
https://codecanyon.net/item/visual-composer-clipboard/8897711 | Product Third Party Advisory |
https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-05-06 13:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24244
Mitre link : CVE-2021-24244
CVE.ORG link : CVE-2021-24244
JSON object : View
Products Affected
wpbakery_page_builder_clipboard_project
- wpbakery_page_builder_clipboard
CWE
CWE-863
Incorrect Authorization