cleantalk
Vulnerabilities and Security Researches

Colibri Page Builder, CVE-2024-1870

CVE, Research URL

CVE-2024-1870

Home page URL

Security reports for Colibri Page Builder

Application

Colibri Page Builder

Published on
Mar 09, 2024
Research Description
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.
Affected versions
Min -, max 1.0.263.
Status
vulnerable
Previous vulnerability researches
Colibri Page Builder (CVE-2025-32185) , Apr 05, 2025
Colibri Page Builder (CVE-2024-4451) , Jun 08, 2024
Colibri Page Builder (CVE-2024-5020) , Dec 06, 2024
Colibri Page Builder (CVE-2024-1361) , Jun 07, 2024
Colibri Page Builder (CVE-2024-28004) , Jun 07, 2024
New vulnerability
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025
Widgetize Pages Light (CVE-2025-32117) , Apr 09, 2025