CVE-2021-24244
N/A
N/A
Summary
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| bitorbit | WPBakery Page Builder (Visual Composer) Clipboard | 4.5.0 < 4.5.0* | affected |
| bitorbit | WPBakery Page Builder (Visual Composer) Clipboard | 4.5.8 < 4.5.8 | affected |
Weaknesses
- CWE-863: CWE-863 Incorrect Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://codecanyon.net/item/visual-composer-clipboard/8897711
- https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9
References
- https://codecanyon.net/item/visual-composer-clipboard/8897711
- https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.