WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control
CVE-2023-23882
4.3MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 17 January 2024
Summary
A missing authorization vulnerability exists in Ultimate Addons for Beaver Builder – Lite, allowing attackers to potentially exploit broken access control mechanisms. This vulnerability affects versions from n/a up to 1.5.5, creating avenues for unauthorized operations that could compromise user data and application integrity. Security measures should be implemented to mitigate risks associated with this issue.
Affected Version(s)
Ultimate Addons for Beaver Builder – Lite <= 1.5.5
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
István Márton (Patchstack Alliance)