WordPress Plugin Vulnerabilities

Page Builder Sandwich – Front-End Page Builder <= 5.1.0 - Missing Authorization

Description

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
page-builder-sandwich
No known fix

References

CVE
CVE-2024-37218
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3613c0ce-ac77-4fdc-8e3a-830b45ef6390

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Phill Sav (Savphill)
Verified
No
WPVDB ID
519c8c46-66ad-4c42-9d1a-06424e10bebf

Timeline

Publicly Published
2024-06-21 (about 1 year ago)
Added
2024-07-02 (about 1 year ago)
Last Updated
2024-07-02 (about 1 year ago)

Other

Published
Title
Published
2025-02-18
Title
WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update
Published
2025-11-10
Title
Ninja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion
Published
2026-01-21
Title
Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.37 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion
Published
2024-05-14
Title
Bulk Posts Editing For WordPress < 4.2.4 - Authenticated (Subscriber+) Missing Authorization
Published
2025-12-22
Title
FV Simpler SEO < 1.9.7 - Missing Authorization