CVE-2021-24207
First published: Mon Apr 05 2021(Updated: )
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themeum Wp Page Builder | <1.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24207?
CVE-2021-24207 is a vulnerability in the WP Page Builder WordPress plugin before version 1.2.4 that allows subscriber-level users to edit and make changes to any and all posts pages.
What software is affected by CVE-2021-24207?
The WP Page Builder WordPress plugin version up to and excluding 1.2.4 is affected by CVE-2021-24207.
How severe is CVE-2021-24207?
CVE-2021-24207 has a severity score of 4.3, categorizing it as a medium severity vulnerability.
How can I fix CVE-2021-24207?
To fix CVE-2021-24207, update the WP Page Builder plugin to version 1.2.4 or higher.
Is there any additional information about CVE-2021-24207?
For additional information about CVE-2021-24207, you can refer to the following references: [link 1](https://wpscan.com/vulnerability/21e7a46f-e9a3-4b20-b44a-a5b6ce7b7ce6), [link 2](https://www.themeum.com/wp-page-builder-updated-v1-2-4/)
- collector/nvd-index
- vendor/themeum
- canonical/themeum wp page builder