CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24244 – WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update
https://notcve.org/view.php?id=CVE-2021-24244
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email). Una acción AJAX registrada por el plugin WPBakery Page Builder (Visual Composer) Clipboard WordPress versiones anteriores a 4.5.8, no tenía verificaciones de capacidad, permitiendo a usuarios con privilegios bajos, como los suscriptores, actualizar las opciones de licencia (clave, correo electrónico) • https://codecanyon.net/item/visual-composer-clipboard/8897711 https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9 • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24243 – WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24243
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages. Una acción AJAX registrada por el plugin WPBakery Page Builder (Visual Composer) Clipboard WordPress versiones anteriores a 4.5.6, no tenía capacidad de comprobación ni saneamiento, permitiendo a usuarios con privilegios bajos (suscriptor+) llamarlo y configurar cargas útiles XSS, que serán activadas en todas las páginas backend • https://codecanyon.net/item/visual-composer-clipboard/8897711 https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •