Description

WordPress Plugin Bold Page Builder is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin settings. WordPress Plugin Bold Page Builder version 2.3.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.3.3 or latest

References

https://blog.nintechnet.com/critical-vulnerability-in-wordpress-bold-page-builder-plugin-currently-being-exploited/

https://www.pluginvulnerabilities.com/2019/08/27/our-security-review-for-wordpress-plugins-would-have-identified-the-vulnerability-in-bold-page-builder-before-it-was-exploited/

https://plugins.svn.wordpress.org/bold-page-builder/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Package Quantity Discount Security Bypass (1.1.2)

WordPress Plugin AccessPress Anonymous Post Pro Arbitrary File Upload (3.1.9)

WordPress Plugin ProPlayer SQL Injection (4.7.9.1)

WordPress Plugin Gravity Forms Unspecified Vulnerability (2.4.17)

WordPress Plugin World Travel Information Cross-Site Scripting (1.0.0)

Severity

High

Classification

CVE-2019-15821 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Authentication Bypass