BM Content Builder Missing Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability in the BM Content Builder plugin for WordPress, present in all versions through 3.16.2.1, allows for unauthorized data modification that could lead to privilege escalation. This issue arises from a lack of capability checks on the 'ux_cb_tools_import_item_ajax' AJAX action. As a result, authenticated attackers with Subscriber-level access or higher can manipulate arbitrary options on the WordPress site. This vulnerability could be exploited to change the default role for new users to 'administrator' and enable user registration, granting administrative access to the attacker on the compromised site.
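The control the advisory says is missing, shown in an added illustrative WordPress AJAX handler for the same action (this is not the plugin's own code or its actual fix; the function name, nonce action and the allowed option names are assumptions):

```php
<?php
// Hypothetical hardened handler for the 'ux_cb_tools_import_item_ajax' action.
// Function name, nonce action and option names are illustrative assumptions.

add_action( 'wp_ajax_ux_cb_tools_import_item_ajax', 'example_hardened_import_item' );

function example_hardened_import_item() {
    // 1. Capability check: the control described as missing in the advisory.
    //    Only users allowed to manage site options may reach the update path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 2. CSRF protection: nonce created with wp_create_nonce( 'ux_cb_import' )
    //    on the admin page and sent as the 'nonce' POST field.
    check_ajax_referer( 'ux_cb_import', 'nonce' );

    // 3. Allowlist of option names this feature is permitted to write.
    //    Core options such as 'default_role' and 'users_can_register' are
    //    deliberately absent, so an import can never change them.
    $allowed_options = array(
        'ux_cb_imported_items',
        'ux_cb_import_settings',
    );

    $option = isset( $_POST['option_name'] )
        ? sanitize_key( wp_unslash( $_POST['option_name'] ) )
        : '';
    if ( ! in_array( $option, $allowed_options, true ) ) {
        wp_send_json_error( array( 'message' => 'Option not permitted.' ), 400 );
    }

    $value = isset( $_POST['option_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) )
        : '';
    update_option( $option, $value );

    wp_send_json_success( array( 'option' => $option ) );
}
```

The capability check alone closes the privilege-escalation path the advisory describes; the nonce and the option allowlist are the further checks a reviewer would expect on any handler that writes options.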

Impact

Exploitation of this vulnerability could result in unauthorized users gaining administrative privileges on the WordPress site, allowing them to make significant changes, including managing users and modifying site content.

Remediation

Users are advised to update the BM Content Builder plugin to version 3.16.3 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.