CVE-2021-24244

Published: May 6, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).

Affected (1)

Products: Wpbakery Page Builder Clipboard Project: Wpbakery Page Builder Clipboard

Wpbakery Page Builder Clipboard Project

1 product

Wpbakery Page Builder Clipboard

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard	From 4.5.0 to 4.5.8

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://codecanyon.net/item/visual-composer-clipboard/8897711

Source: contact@wpscan.com

ProductThird Party Advisory

https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9

Source: contact@wpscan.com

ExploitThird Party Advisory

https://codecanyon.net/item/visual-composer-clipboard/8897711

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.