CVE-2024-1870

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...

WordPress Colibri Page Builder Plugin <= 1.0.260 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.260 Fixed in 1.0.263 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ddfb3a20814b Credits HappyFunTime Required...

CVE-2024-1870

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...

CVE-2024-1870

CVE-2024-1870 affects the WordPress plugin Colibri Page Builder . The vulnerability is an unauthorized data modification issue caused by a missing capability check in the function calledActivateLicenseEndpoint, present in all versions up to and including 1.0.260. This allows authenticated attacke...