Описание
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
Ссылки
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.5.0 (включая) до 4.5.8 (исключая)
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 41%
0.00188
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
github
больше 3 лет назад
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
EPSS
Процентиль: 41%
0.00188
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863