WordPress Plugin Vulnerabilities

Ultimate Addons for Beaver Builder < 1.35.15 - Contributor+ Privilege Escalation

Description

The Ultimate Addons for Beaver Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.35.14. This makes it possible for authenticated attackers, with contributor access and above, to escalate their privileges to those of a higher level user.

Affects Plugins

Plugin icon
bb-ultimate-addon
Fixed in 1.35.15

References

CVE
CVE-2023-51398
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1b29048e-cf06-463c-82e0-f1d973e50232

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
731e572b-f511-4afe-862e-ec951a7ec065

Timeline

Publicly Published
2023-12-26 (about 2 years ago)
Added
2024-01-03 (about 2 years ago)
Last Updated
2024-01-03 (about 2 years ago)

Other

Published
Title
Published
2025-01-03
Title
Accessibility by AllAccessible < 1.3.5 - Subscriber+ Privilege Escalation
Published
2026-02-14
Title
Ecwid by Lightspeed Ecommerce Shopping Cart < 7.0.8 - Subscriber+ Privilege Escalation
Published
2025-05-06
Title
Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation
Published
2024-09-06
Title
WPCOM Member < 1.5.3 - Unauthenticated Privilege Escalation via User Meta
Published
2024-12-19
Title
SSL Wireless SMS Notification < 3.7.0 - Unauthenticated Privilege Escalation