PT-2021-15787 · WordPress · Wpbakery Page Builder (Visual Composer) Clipboard

Charles Strader

Published

2021-05-05

Updated

2021-05-13

CVE-2021-24244

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin versions prior to 4.5.8

Description The issue concerns an AJAX action in the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin that lacks capability checks. This allows users with low privileges, such as subscribers, to update license options, including the key and email.

Recommendations For WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-24244

Affected Products

Wpbakery Page Builder (Visual Composer) Clipboard

PT-2021-15787 · WordPress · Wpbakery Page Builder (Visual Composer) Clipboard

CVE-2021-24244

Weakness Enumeration

Related Identifiers

Affected Products

References · 4