CVE-2024-1870

Name of the Vulnerable Software and Affected Versions Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.260

Description The issue is related to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function. This allows authenticated attackers with subscriber access or higher to update the license key.

Recommendations For versions up to, and including, 1.0.260, update to a version higher than 1.0.260 to resolve the issue. As a temporary workaround, consider restricting access to the callActivateLicenseEndpoint function until a patch is available.