Vulnerabilities > CVE-2021-24243 - Unspecified vulnerability in Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wpbakery-page-builder-clipboard-project

NVD

Published: 2021-05-06

Updated: 2024-11-21

Summary

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.

Vulnerable Configurations

Part	Description	Count
Application	Wpbakery_Page_Builder_Clipboard_Project Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard 4.5.0 Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard 4.5.1 Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard 4.5.2 Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard 4.5.3 Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard 4.5.4 Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard 4.5.5	6

Summary

Vulnerable Configurations

References