The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages or posts with arbitrary content.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/boostify-header-footer-builder/trunk/inc/admin/class-admin.php#L280 - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/1090acfc-5b0c-478a-ac71-db54fdaefdf5?source=cve - Patch, Third Party Advisory |
05 Aug 2024, 20:23
Type | Values Removed | Values Added |
---|---|---|
First Time |
Woostify
Woostify boostify Header Footer Builder For Elementor |
|
CPE | cpe:2.3:a:woostify:boostify_header_footer_builder_for_elementor:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-862 | |
References | () https://plugins.trac.wordpress.org/browser/boostify-header-footer-builder/trunk/inc/admin/class-admin.php#L280 - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/1090acfc-5b0c-478a-ac71-db54fdaefdf5?source=cve - Patch, Third Party Advisory |
06 Jun 2024, 14:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 02:15
Updated : 2024-11-21 09:43
NVD link : CVE-2024-4788
Mitre link : CVE-2024-4788
CVE.ORG link : CVE-2024-4788
JSON object : View
Products Affected
woostify
- boostify_header_footer_builder_for_elementor
CWE
CWE-862
Missing Authorization