CVE-2024-1285

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Mar 5, 2024
Updated: Jan 8, 2025
CWE ID 78

Summary

CVE-2024-1285 is a vulnerability affecting the Page Builder Sandwich plugin for WordPress. The issue lies in the 'gambit_builder_save_content' function, which lacks a capability check in all versions up to 5.1.0. This flaw allows authenticated attackers with subscriber access or higher to modify data arbitrarily and insert unwanted content into existing posts. This vulnerability poses a significant risk to websites using the plugin and should be addressed promptly with an update or patch.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • F3X24

Affected Vendors

  • Xiamen Four-Faith Communication Technology Co.Ltd