CVE-2021-24244 Information
Jun 07, 2022
cve
Description
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks allowing low privilege users such as subscribers to update the license options (key email).
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Reference
https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9 https://codecanyon.net/item/visual-composer-clipboard/8897711
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
6.5
Share on: