PT-2024-16488 · Seedprod · Website Builder By Seedprod

Lucio Sá · Published 2024-02-01 · Updated 2024-02-13 · CVE-2024-1072

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Website Builder by SeedProd versions up to, and including, 6.15.21

Description

The issue is related to a missing capability check on the seedprod_lite_new_lpage function, allowing unauthenticated attackers to modify the contents of coming-soon, maintenance, login, and 404 pages set up with the plugin. It is estimated that around 900,000 WordPress sites are potentially affected.

Recommendations

For versions up to, and including, 6.15.21, upgrade to version 6.15.23 to resolve the issue. As a temporary workaround, consider restricting access to the seedprod_lite_new_lpage function until the upgrade is applied.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-1072

Affected Products

Website Builder By Seedprod