Описание
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages or posts with arbitrary content.
Ссылки
- Patch
- PatchThird Party Advisory
- Patch
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages or posts with arbitrary content.
EPSS
4.3 Medium
CVSS3