← back
CVE-2021-24244

WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update

EPSS 0.9%CWE-863
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
Affected products
bitorbit · WPBakery Page Builder (Visual Composer) Clipboard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://codecanyon.net/item/visual-composer-clipboard/8897711https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9