Vulnerability Description
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpbakery Page Builder Clipboard Project | Wpbakery Page Builder Clipboard | >= 4.5.0, < 4.5.8 |
Related Weaknesses (CWE)
References
- https://codecanyon.net/item/visual-composer-clipboard/8897711ProductThird Party Advisory
- https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9ExploitThird Party Advisory
- https://codecanyon.net/item/visual-composer-clipboard/8897711ProductThird Party Advisory
- https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9ExploitThird Party Advisory
FAQ
What is CVE-2021-24244?
CVE-2021-24244 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to u...
How severe is CVE-2021-24244?
CVE-2021-24244 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24244?
Check the references section above for vendor advisories and patch information. Affected products include: Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard.