cleantalk
Vulnerabilities and Security Researches

WordPress Header Builder Plugin – Pearl, CVE-2024-5468

CVE, Research URL

CVE-2024-5468

Home page URL

Security reports for WordPress Header Builder Plugin – Pearl

Application

WordPress Header Builder Plugin – Pearl

Published on
Jun 12, 2024
Research Description
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to delete arbitrary options that can be used to perform a denial of service attack on a site.
Affected versions
Min -, max 1.3.8.
Status
vulnerable
Previous vulnerability researches
WordPress Header Builder Plugin – Pearl (CVE-2022-38356) , Jun 07, 2024
WordPress Header Builder Plugin – Pearl (CVE-2024-4000) , Jun 07, 2024
WordPress Header Builder Plugin – Pearl (CVE-2024-5468) , Jun 13, 2024
WordPress Header Builder Plugin – Pearl (CVE-2024-12206) , Jan 10, 2025
WordPress Header Builder Plugin – Pearl (CVE-2025-31880) , Apr 03, 2025
New vulnerability
Site Search 360 (CVE-2025-39530) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39589) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39590) , Apr 17, 2025
Basic Interactive World Map (CVE-2025-39517) , Apr 17, 2025
Dynamic Post (CVE-2025-39522) , Apr 17, 2025