CVE-2021-24244

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
wpbakery_page_builder_clipboard_projectwpbakery_page_builder_clipboard
4.5.0 ≤
𝑥
< 4.5.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://codecanyon.net/item/visual-composer-clipboard/8897711
https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9
https://codecanyon.net/item/visual-composer-clipboard/8897711
https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9