Missing Authorization Vulnerability Affects Post Type Builder (PTB)
CVE-2024-31366

7.1HIGH

Key Information:

Vendor: WordPress
Status: Post Type Builder (ptb)
Vendor: CVE Published:; 9 April 2024

Summary

The vulnerability in the Themify Post Type Builder (PTB) arises from missing authorization, allowing unauthorized users to create posts or pages at will. Affected versions, from the initial release to 2.0.8, may expose websites to significant security risks, enabling potential misuse. Users of the plugin are urged to apply necessary updates to mitigate these issues and secure their installations.

Affected Version(s)

Post Type Builder (PTB) <= 2.0.8

References

https://patchstack.com/database/vulnerability/themify-ptb...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Apr 1, 2024

Credit

Dave Jong (Patchstack)