CVE-2022-4501
Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.
| CWE | CWE-862 |
| Vendor | nasir179125 |
| Product | mega addons for wpbakery page builder |
| Published | Dec 14, 2022 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for nasir179125 mega addons for wpbakery page builder
Be the first to know when new high vulnerabilities affecting nasir179125 mega addons for wpbakery page builder are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
nasir179125 / Mega Addons For WPBakery Page Builder
0 โค 4.3.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a1eda885-7e10-4294-9748-5359efd51754?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/mega-addons-for-visual-composer/tags/4.2.7/main.php#L87 wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a1eda885-7e10-4294-9748-5359efd51754
Credits
Marco Wotschka