Local File Inclusion Vulnerability in Team Builder Plugin for WPBakery Page Builder
CVE-2024-13592
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 19 February 2025
What is CVE-2024-13592?
The Team Builder for WPBakery Page Builder plugin for WordPress is prone to a Local File Inclusion vulnerability due to improper handling of the 'team-builder-vc' shortcode. Authenticated attackers with Contributor-level access can exploit this flaw to include and execute arbitrary files on the server. This vulnerability may allow for bypassing access controls, retrieving sensitive information, or executing malicious PHP code embedded in files, elevating security risks for affected sites.
Affected Version(s)
Team Builder For WPBakery Page Builder(Formerly Visual Composer) * <= 1.0