CVE-2021-24207

CVE-2021-24207: WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts

Vendor Unknown

Product WP Page Builder

Weakness CWE-863 · Incorrect authorization

Published April 5, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.

Key dates

02Disclosure timeline

April 5, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24207 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2025-29997 Improper Access Control Vulnerability in CAP back office application CVE-2024-10275 Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary CVE-2023-50363 QTS, QuTS hero CVE-2025-54877 Tuleap's special and always there fields permissions are not verified in cross-tracker search CVE-2026-33469 Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw