CVE-2024-1285

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958	Product
https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pagebuildersandwich:page_builder_sandwich:*:*:*:*:*:wordpress:*:*

History

08 Jan 2025, 17:13

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958 -~~	() https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958 - Product
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve - Third Party Advisory
CPE		cpe:2.3:a:pagebuildersandwich:page_builder_sandwich::::::wordpress::*
First Time		Pagebuildersandwich Pagebuildersandwich page Builder Sandwich
CWE		CWE-862

05 Mar 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-05 02:15

Updated : 2025-01-08 17:13

NVD link : CVE-2024-1285

Mitre link : CVE-2024-1285

JSON object : View

Products Affected

pagebuildersandwich

page_builder_sandwich

CWE

CWE-862

Missing Authorization

JSON object

Attach tags to CVE-2024-1285

Attach tags to `CVE-2024-1285`