cleantalk
Vulnerabilities and Security Researches

Mega Addons For WPBakery Page Builder, CVE-2022-4501

CVE, Research URL

CVE-2022-4501

Home page URL

Security reports for Mega Addons For WPBakery Page Builder

Application

Mega Addons For WPBakery Page Builder

Published on
Dec 15, 2022
Research Description
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.
Affected versions
Min -, max 4.3.0.
Status
vulnerable
Previous vulnerability researches
Mega Addons For WPBakery Page Builder (CVE-2022-4501) , Jun 07, 2024
Mega Addons For WPBakery Page Builder (CVE-2023-0268) , Jun 07, 2024
Mega Addons For WPBakery Page Builder (CVE-2022-36798) , Jun 07, 2024
New vulnerability
Featured Image Plus (CVE-2025-4431) , Jun 10, 2025
Products per Page for WooCommerce (CVE-2025-47504) , Jun 10, 2025
Min Max Default Quantity for WooCommerce (CVE-2025-47504) , Jun 09, 2025
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025