Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:5756B2E9-091F-49AB-ADC3-A3EF73E1BFE2
HistoryJul 20, 2022 - 12:00 a.m.

Beaver Builder < 2.5.4.4 - Subscriber+ Arbitrary Post Builder Layout Disabling

2022-07-2000:00:00
wpscan.com
13

0.003 Low

EPSS

Percentile

70.0%

JSON

The plugin does not have authorisation and CSRF checks in the fl_builder_disable AJAX action, which could allow any authenticated users, such as subscriber to disable the builder layout of arbitrary posts Note: The original advisory mentions the issue has been fixed, however only a CSRF check has been added, proper authorisation is still missing.

CPENameOperatorVersion
beaver-builder-lite-versionlt2.5.4.4

Related

cve 1
patchstack 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2022-36425
2022-09-06 18:15:15
patchstack
patchstack
WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability
2022-07-20 00:00:00
prion
prion
Improper access control
2022-09-06 18:15:00
cvelist
cvelist
CVE-2022-36425 WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability
2022-07-20 00:00:00
nvd
nvd
CVE-2022-36425
2022-09-06 18:15:15

0.003 Low

EPSS

Percentile

70.0%

JSON
Related for WPVDB-ID:5756B2E9-091F-49AB-ADC3-A3EF73E1BFE2
cve1patchstack1prion1cvelist1nvd1