CVE-2021-24244

Summary

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).

Affected Software

VendorProductVersion RangeStatus
bitorbitWPBakery Page Builder (Visual Composer) Clipboard4.5.0 < 4.5.0*affected
bitorbitWPBakery Page Builder (Visual Composer) Clipboard4.5.8 < 4.5.8affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References