The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-05T21:21:50.961Z
Updated: 2024-07-05T17:21:38.093Z
Reserved: 2024-01-30T15:10:49.992Z
Link: CVE-2024-1072
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-05T22:16:07.100
Modified: 2024-02-13T19:44:28.620
Link: CVE-2024-1072
JSON object: View
Redhat Information
No data.
CWE