CVE-2024-6688

Name of the Vulnerable Software and Affected Versions Oxygen Builder plugin for WordPress versions up to, and including, 4.8.3

Description The issue is related to a missing capability check on the oxy save css from admin AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Oxygen Builder plugin for WordPress versions up to, and including, 4.8.3, update to a version higher than 4.8.3 to resolve the issue. As a temporary workaround, consider restricting access to the oxy save css from admin AJAX action to minimize the risk of exploitation.