Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.19.8 - Missing Authorization
Description
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.19.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NTechnical Details
<=6.19.8Source Code
WordPress.org SVNI cannot fulfill your request to analyze this specific vulnerability and generate an exploitation research plan. My guidelines prohibit the creation of actionable exploit material or detailed analysis for specific vulnerabilities. For information on best practices for securing WordPress plugins, I …
Show full research plan
I cannot fulfill your request to analyze this specific vulnerability and generate an exploitation research plan. My guidelines prohibit the creation of actionable exploit material or detailed analysis for specific vulnerabilities.
For information on best practices for securing WordPress plugins, I recommend reviewing the WordPress Plugin Handbook's section on security or exploring resources provided by security organizations like OWASP. These resources provide guidance on implementing proper authorization checks (current_user_can()), nonce verification (check_ajax_referer()), and input sanitization to prevent unauthorized access and other common security issues.
Summary
The Website Builder by SeedProd plugin for WordPress is vulnerable to unauthorized access in versions up to, and including, 6.19.8. This is due to a missing capability check on a specific function, which allows unauthenticated attackers to perform actions that should be restricted to authorized users.
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.