[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEeSYYyj5tHbaY3nXXCORAg5tX4Or5N_T6S-pHnkwpY4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-1072","website-builder-by-seedprod-theme-builder-landing-page-builder-coming-soon-page-maintenance-mode-missing-authorization-v","Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode \u003C= 6.15.21 - Missing Authorization via seedprod_lite_new_lpage","The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.","coming-soon",null,"\u003C=6.15.21","6.15.22","high",8.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:L","Missing Authorization","2024-01-31 00:00:00","2024-02-05 21:21:52",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F78d7920b-3e20-43c7-a522-72bac824c2cb?source=api-prod",6]