WordPress Plugin Vulnerabilities

Web and WooCommerce Addons for WPBakery Builder < 1.4.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification

Description

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change some of the plugin settings.

Affects Plugins

Fixed in 1.4.6

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Lucio Sá
Verified
No

Timeline

Publicly Published
2024-07-15 (about 1 year ago)
Added
2024-07-15 (about 1 year ago)
Last Updated
2024-07-16 (about 1 year ago)

Other