Volerion logoVolerion
Volerion logoVolerion

WPBakery Page Builder Clipboard WordPress Plugin Missing Capability Checks Vulnerability

Vulnerability

A vulnerability exists in the WPBakery Page Builder Clipboard WordPress plugin in versions prior to 4.5.8. An AJAX action registered by the plugin lacked proper capability checks, enabling low-privilege users, such as subscribers, to unauthorizedly update license options, including the license key and email.

Impact

Exploitation of this vulnerability allows low-privilege users to arbitrarily update license information, potentially leading to unauthorized access or privileges.

Reproduction

To reproduce this vulnerability, log in as a user with a subscriber role or higher. Send a request to 'wp-admin/admin-ajax.php' with the action 'vc_clipboard_activate'. Include arbitrary data in the 'email' and 'license_key' parameters. The absence of capability checks will allow the request to be processed, updating the license options with the provided data.

Remediation

Users are advised to update the WPBakery Page Builder Clipboard WordPress plugin to version 4.5.8 or later.

Added: May 15, 2026, 11:41 AM
Updated: May 15, 2026, 11:41 AM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
0.6
exploitability
6.8
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.