CVE-2021-24244

WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update

EPSS 0.9%CWE-863

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

05 May 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).

Affected products

bitorbit · WPBakery Page Builder (Visual Composer) Clipboard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://codecanyon.net/item/visual-composer-clipboard/8897711 https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9