CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.
Configurations

Configuration 1

cpe:2.3:a:topdigitaltrends:mega_addons_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-12-14 09:15

Updated : 2022-12-20 02:26


NVD link : CVE-2022-4501

Mitre link : CVE-2022-4501

Products Affected
No products.
CWE