2 matches found
CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
WordPress Themify Builder Plugin <= 7.6.1 is vulnerable to Broken Access Control
Software Themify Builder Type Plugin Vulnerable versions = 7.6.1 Fixed in 7.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7836 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6e0e69059b Credits Peter Thaleikis Required...