Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitRamuel GallWPEX-ID:21E7A46F-E9A3-4B20-B44A-A5B6CE7B7CE6
HistoryMar 17, 2021 - 12:00 a.m.

WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts

2021-03-1700:00:00
Ramuel Gall
288

0.001 Low

EPSS

Percentile

24.8%

JSON

By default, the plugin allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. A subscriber, upon registering an account with a site with the WP Pagebuilder plugin, could immediately modify or delete existing content on the site.

It is possible for a subscriber-level user to access the editor simply by visiting the post editor’s URL for a given post or page and supplying β€œwppb_editor” in the β€œaction” parameter e.g. wp-admin/post.php?post=610&action=wppb_editor.

Related

patchstack 1
wpvulndb 1
cvelist 1
nvd 1
prion 1
cve 1
patchstack
patchstack
WordPress WP Page Builder plugin <= 1.2.3 - Insecure Default Configuration vulnerability
2021-04-08 00:00:00
wpvulndb
wpvulndb
WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts
2021-03-17 00:00:00
cvelist
cvelist
CVE-2021-24207 WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts
2021-04-05 18:27:46
nvd
nvd
CVE-2021-24207
2021-04-05 19:15:17
prion
prion
Default credentials
2021-04-05 19:15:00
cve
cve
CVE-2021-24207
2021-04-05 19:15:17

0.001 Low

EPSS

Percentile

24.8%

JSON
Related for WPEX-ID:21E7A46F-E9A3-4B20-B44A-A5B6CE7B7CE6
patchstack1wpvulndb1cvelist1nvd1prion1cve1