Improper access control in Bold Page Builder plugin for WordPress



Published: 2019-08-27
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-269
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Bold Page Builder
Web applications / Modules and components for CMS

Vendor BoldThemes

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Privilege Management

EUVDB-ID: #VU20395

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privilege on the target system.

The vulnerability exists due to the missing access controls. A remote attacker can perform actions that only an administrator should be allowed to do (e.g., modifying settings and importing data).


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Bold Page Builder: 1.0.0 - 2.3.1

External links

http://blog.nintechnet.com/critical-vulnerability-in-wordpress-bold-page-builder-plugin-currently-b...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###