Unauthorized Data Modification Vulnerability in BM Content Builder for WordPress
CVE-2025-1777
6.4MEDIUM
What is CVE-2025-1777?
The BM Content Builder plugin for WordPress contains a vulnerability that allows authenticated attackers, including those with subscriber-level access and higher, to perform unauthorized modifications to data. Due to a missing capability check in the 'ux_cb_page_options_save' function, attackers can inject arbitrary web scripts into pages. This injected code will execute whenever a user visits the compromised page, potentially leading to data exposure or further exploitation.
Affected Version(s)
BM Content Builder * <= 3.16.2.1