Missing Authorization Vulnerability Affects Post Type Builder (PTB)
CVE-2024-31366

7.1HIGH

Key Information:

Vendor: WordPress
Status: Post Type Builder (ptb)
Vendor: CVE Published:; 9 April 2024

What is CVE-2024-31366?

The vulnerability in the Themify Post Type Builder (PTB) arises from missing authorization, allowing unauthorized users to create posts or pages at will. Affected versions, from the initial release to 2.0.8, may expose websites to significant security risks, enabling potential misuse. Users of the plugin are urged to apply necessary updates to mitigate these issues and secure their installations.

Affected Version(s)

Post Type Builder (PTB) <= 2.0.8

References

https://patchstack.com/database/vulnerability/themify-ptb...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Apr 1, 2024

Credit

Dave Jong (Patchstack)

WordPress

What is CVE-2024-31366?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit