CVE-2021-24244

Description

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).

Affected products

• bitorbit / WPBakery Page Builder (Visual Composer) Clipboard4.5.0 – 4.5.0*
• bitorbit / WPBakery Page Builder (Visual Composer) Clipboard4.5.8 – 4.5.8

References

• MISChttps://codecanyon.net/item/visual-composer-clipboard/8897711
• MISChttps://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9