The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other users that otherwise shouldn't be accessible to them.
Metrics
Affected Vendors & Products
References
History
Wed, 20 Nov 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Themify builder
|
|
CPEs | cpe:2.3:a:themify:builder:*:*:*:*:-:wordpress:*:* | |
Vendors & Products |
Themify themify Builder
|
Themify builder
|
Fri, 27 Sep 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Themify
Themify themify Builder |
|
CPEs | cpe:2.3:a:themify:themify_builder:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Themify
Themify themify Builder |
Thu, 22 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other users that otherwise shouldn't be accessible to them. | |
Title | Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication | |
Weaknesses | CWE-863 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-22T02:02:03.277Z
Updated: 2024-08-22T14:28:06.284Z
Reserved: 2024-08-15T11:22:24.452Z
Link: CVE-2024-7836
Vulnrichment
Updated: 2024-08-22T14:28:00.806Z
NVD
Status : Analyzed
Published: 2024-08-22T03:15:04.353
Modified: 2024-11-20T15:09:34.677
Link: CVE-2024-7836
Redhat
No data.