An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9 | Exploit Third Party Advisory |
https://codecanyon.net/item/visual-composer-clipboard/8897711 | Product Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-05-06 06:15
Updated : 2021-05-13 10:35
NVD link : CVE-2021-24244
Mitre link : CVE-2021-24244
JSON object : View
CWE
CWE-863
Incorrect Authorization
Products Affected
wpbakery_page_builder_clipboard_project
- wpbakery_page_builder_clipboard