Vulnerabilities > CVE-2024-7836 - Incorrect Authorization vulnerability in Themify Builder

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

themify

CWE-863

NVD

Published: 2024-08-22

Updated: 2024-09-27

Summary

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other users that otherwise shouldn't be accessible to them.

Vulnerable Configurations

Part	Description	Count
Application	Themify Themify Themify Builder - Themify Themify Builder 7.0.0 Themify Themify Builder 7.0.1 Themify Themify Builder 7.0.2 Themify Themify Builder 7.0.3 Themify Themify Builder 7.5.0 Themify Themify Builder 7.5.1 Themify Themify Builder 7.5.2 Themify Themify Builder 7.5.3 Themify Themify Builder 7.5.4 Themify Themify Builder 7.5.5 Themify Themify Builder 7.5.6 Themify Themify Builder 7.5.7 Themify Themify Builder 7.5.8 Themify Themify Builder 7.5.9	15

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References