Lucene search

CVE-2022-4501

🗓️ 14 Dec 2022 21:15:15Reported by WordfenceType

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2022-4501	14 Dec 202220:38	–	cvelist
Prion	Authorization	14 Dec 202221:15	–	prion
NVD	CVE-2022-4501	14 Dec 202221:15	–	nvd
RedhatCVE	CVE-2022-4501	5 Feb 202520:14	–	redhatcve
WPVulnDB	Mega Addons For WPBakery Page Builder <= 4.2.7 - Subscriber+ Settings Update	14 Dec 202200:00	–	wpvulndb
Vulnrichment	CVE-2022-4501	14 Dec 202220:38	–	vulnrichment

Nvd

Vulners

Node

topdigitaltrends mega_addons_for_wpbakery_page_builderRange≤4.2.7wordpress

[
  {
    "vendor": "nasir179125",
    "product": "Mega Addons For WPBakery Page Builder",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.2.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/mega-addons-for-visual-composer/tags/4.2.7/main.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a1eda885-7e10-4294-9748-5359efd51754

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Dec 2022 21:15Current

6.1Medium risk

Vulners AI Score6.1

CVSS36.5 - 7.1

EPSS0.0005

SSVC