[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJzA7ePQJIsn77XLpOhJXZq7aivCvST1Gu_uktT_CMHg":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-cd88b116-0a6e-412b-8d43-024fdf36bcdf-beaver-builder-lite-version","beaver-builder-wordpress-page-builder-free-pro-authorization-bypass","Beaver Builder – WordPress Page Builder (Free & Pro) \u003C= 1.7 - Authorization Bypass","The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.7 due to bypass in how the capability checking functionality works in the call_action() function. An attacker is able to supply '0' for the 'post_id' parameter which makes the check that a current user can edit the supplied post ID true. This makes it possible for authenticated attackers, with minimal permissions like a subscriber, to call any of the 40+ AJAX action available and perform many unauthorized actions.","beaver-builder-lite-version",null,"\u003C=1.7","1.7.1","medium",6.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Missing Authorization","2016-02-08 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcd88b116-0a6e-412b-8d43-024fdf36bcdf?source=api-prod",2906]