6.5

CVE-2024-1285

Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing

Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.
Mögliche Gegenmaßnahme
Page Builder Sandwich – Front End WordPress Page Builder Plugin: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PagebuildersandwichPage Builder Sandwich SwPlatformwordpress Version <= 5.1.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Page Builder Sandwich – Front End WordPress Page Builder Plugin
Version *-5.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.343
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab
Third Party Advisory