Описание
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.
Ссылки
- Product
- Patch
- Third Party Advisory
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.263 (исключая)
cpe:2.3:a:extendthemes:colibri_page_builder:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
почти 2 года назад
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.
EPSS
Процентиль: 22%
0.00073
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862