Vulnerability Details CVE-2024-1072
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.3%
CVSS Severity
CVSS v3 Score 8.2
References
- https://plugins.trac.wordpress.org/changeset/3029567/coming-soon/trunk/app/lpage.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/78d7920b-3e20-43c7-a522-72bac824c2cb?source=cve
- https://plugins.trac.wordpress.org/changeset/3029567/coming-soon/trunk/app/lpage.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/78d7920b-3e20-43c7-a522-72bac824c2cb?source=cve
Products affected by CVE-2024-1072
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.10.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.11.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.11.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.11.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.7
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.8
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.8.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.8.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.8.3
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.8.4
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.8.5
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.0.9.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.1.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.10.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.10.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.10.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.11.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.11.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.11.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.12.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.12.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.12.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.13.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.13.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.14.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.14.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.10
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.11
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.12
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.13
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.13.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.15
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.15.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.15.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.15.3
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.16
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.3
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.4
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.5
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.6
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.7
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.15.9
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.2.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.3.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.3.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.4.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.4.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.4.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.4.3
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.4.4
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.5.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.5.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.5.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.6.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.7.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.7.1
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.7.2
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.7.3
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.7.4
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.10
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.3
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.4
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.5
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.6
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.7
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.8
-
cpe:2.3:a:seedprod:website_builder_by_seedprod:6.9.0.9