Design/Logic Flaw

2021-05-0613:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

21.4%

JSON

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.

CPENameOperatorVersion
wpbakery_page_builder_clipboardge4.5.0
wpbakery_page_builder_clipboardlt4.5.6

CPE	Name	Operator	Version
	wpbakery_page_builder_clipboard	ge	4.5.0
	wpbakery_page_builder_clipboard	lt	4.5.6

References

codecanyon.net/item/visual-composer-clipboard/8897711

wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3

0.001 Low

EPSS

Percentile

21.4%

JSON

Related for PRION:CVE-2021-24243