{ "CVE_data_meta": { "ID": "CVE-2021-24244", "ASSIGNER": "contact@wpscan.com", "STATE": "PUBLIC", "TITLE": "WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "generator": "WPScan CVE Generator", "affects": { "vendor": { "vendor_data": [ { "vendor_name": "bitorbit", "product": { "product_data": [ { "product_name": "WPBakery Page Builder (Visual Composer) Clipboard", "version": { "version_data": [ { "version_affected": ">=", "version_name": "4.5.0", "version_value": "4.5.0" }, { "version_affected": "<", "version_name": "4.5.8", "version_value": "4.5.8" } ] } } ] } } ] } }, "description": { "description_data": [ { "lang": "eng", "value": "An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email)." } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://codecanyon.net/item/visual-composer-clipboard/8897711", "name": "https://codecanyon.net/item/visual-composer-clipboard/8897711" }, { "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9", "name": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "value": "CWE-863 Incorrect Authorization", "lang": "eng" } ] } ] }, "credit": [ { "lang": "eng", "value": "Charles Strader Sweethill" } ], "source": { "discovery": "UNKNOWN" } }