Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2021-24244

Description

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).

POC

Reference

- https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9

Github

- https://github.com/20142995/nuclei-templates