An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
References
Link | Resource |
---|---|
https://codecanyon.net/item/visual-composer-clipboard/8897711 | Product Third Party Advisory |
https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-05-05T18:39:42
Updated: 2021-05-05T18:39:42
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24244
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-06T13:15:11.497
Modified: 2021-05-13T17:35:26.310
Link: CVE-2021-24244
JSON object: View
Redhat Information
No data.
CWE