Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 – Sensitive Information Exposure | CVE 2024-1381 | Plugin Vulnerabilities

Description

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data.

Affects Plugins

page-builder-sandwich

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/8e98d92a-fe64-4591-972b-ed11542506b7

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

cc4f8302-e94c-4069-b85a-bc612cf3b29a

Timeline

Publicly Published

2024-03-04 (about 2 years ago)

Added

2024-03-04 (about 2 years ago)

Last Updated

2024-03-04 (about 2 years ago)

Other

Published

Title

Published

2024-12-11

Title

New User Approve < 2.6.4 - Missing Authorization

Published

2025-11-21

Title

GoDAM < 1.4.7 - Missing Authorization

Published

2024-12-19

Title

VW Automobile Lite <= 2.1 - Missing Authorization

Published

2024-04-29

Title

MailerLite – Signup forms (official) < 1.7.7 - Missing Authorization

Published

2025-01-16

Title

Woo Tuner <= 0.1.2 - Missing Authorization