CVE-2024-37218
📋 TL;DR
This CVE describes a missing authorization vulnerability in the WordPress Page Builder Sandwich plugin that allows attackers to exploit incorrectly configured access controls. Attackers could potentially modify content or settings they shouldn't have access to. This affects all WordPress sites using Page Builder Sandwich plugin versions up to 5.1.0.
💻 Affected Systems
- WordPress Page Builder Sandwich - Front-End Page Builder
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized users could modify website content, inject malicious code, or alter plugin settings leading to defacement, SEO spam, or malware distribution.
Likely Case
Low-privileged users could gain unauthorized access to edit content or modify plugin settings beyond their intended permissions.
If Mitigated
With proper access controls and user role management, impact would be limited to authorized users only performing intended actions.
🎯 Exploit Status
Exploitation requires some level of user access, though potentially minimal. The vulnerability is in access control logic rather than complex technical flaws.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.1 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/page-builder-sandwich/wordpress-page-builder-sandwich-5-1-0-broken-access-control-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Page Builder Sandwich' and check for updates. 4. Update to version 5.1.1 or later. 5. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Page Builder Sandwich plugin until patched
wp plugin deactivate page-builder-sandwich
Restrict user roles
allLimit user accounts with access to WordPress admin panel
🧯 If You Can't Patch
- Implement strict user role management and review all user permissions
- Enable web application firewall rules to detect unauthorized content modification attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Page Builder Sandwich → Version. If version is 5.1.0 or earlier, you are vulnerable.Check Version:
wp plugin get page-builder-sandwich --field=versionVerify Fix Applied:
After updating, verify the plugin version shows 5.1.1 or later in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unauthorized POST requests to page-builder-sandwich endpoints
- User role changes or permission escalation attempts
- Unexpected content modifications by non-admin users
Network Indicators:
- Unusual pattern of AJAX requests to /wp-admin/admin-ajax.php with page-builder-sandwich actions
SIEM Query:
source="wordpress.log" AND ("page-builder-sandwich" OR "pbs_" OR "sandwich_") AND (user_role!="administrator" OR user_role!="editor")