CVE-2024-1285
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Mar 5, 2024
Updated: Jan 8, 2025
CWE ID 78
Summary
CVE-2024-1285 is a vulnerability affecting the Page Builder Sandwich plugin for WordPress. The issue lies in the 'gambit_builder_save_content' function, which lacks a capability check in all versions up to 5.1.0. This flaw allows authenticated attackers with subscriber access or higher to modify data arbitrarily and insert unwanted content into existing posts. This vulnerability poses a significant risk to websites using the plugin and should be addressed promptly with an update or patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- F3X24
Affected Vendors
- Xiamen Four-Faith Communication Technology Co.Ltd