Unauthorized Settings Modification Vulnerability in WPBakery Builder Plugin for WordPress
CVE-2024-6579

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Web and WooCommerce Addons for WPBakery Builder
Vendor: CVE Published:; 16 July 2024

Summary

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress contains a vulnerability that allows authenticated users, including those with a Subscriber-level role, to modify plugin settings without proper authorization. This flaw stems from missing capability checks within several functions of the plugin, potentially compromising the security and configuration of any site utilizing the plugin version 1.4.5 and earlier. Promptly updating to the latest version is essential for maintaining the integrity and security of WordPress installations using this plugin.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/vc-addons-by-b...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024