Due to a missing capability check, authenticated users with Subscriber-level permissions or higher can access and read private landing page revisions. This could lead to the exposure of sensitive draft content or upcoming site changes.
This vulnerability affects the following application versions:
- Website Builder by SeedProd 6.0.5
- Website Builder by SeedProd 6.0.6
- Website Builder by SeedProd 6.0.7
- Website Builder by SeedProd 6.0.8
- Website Builder by SeedProd 6.0.8.1
- Website Builder by SeedProd 6.0.8.2
- Website Builder by SeedProd 6.0.8.3
- Website Builder by SeedProd 6.0.8.4
- Website Builder by SeedProd 6.0.8.5
- Website Builder by SeedProd 6.0.9.0
- Website Builder by SeedProd 6.0.10.1
- Website Builder by SeedProd 6.0.11.1
- Website Builder by SeedProd 6.2.0
- Website Builder by SeedProd 6.2.1
- Website Builder by SeedProd 6.2.2
- Website Builder by SeedProd 6.2.3
- Website Builder by SeedProd 6.2.4
- Website Builder by SeedProd 6.2.5
- Website Builder by SeedProd 6.6.0
- Website Builder by SeedProd 6.9.0.8
- Website Builder by SeedProd 6.10.0
- Website Builder by SeedProd 6.12.0
- Website Builder by SeedProd 6.12.2
- Website Builder by SeedProd 6.13.0
- Website Builder by SeedProd 6.13.1
- Website Builder by SeedProd 6.15.3
- Website Builder by SeedProd 6.15.4
- Website Builder by SeedProd 6.15.6
- Website Builder by SeedProd 6.15.7
- Website Builder by SeedProd 6.15.13.1
- Website Builder by SeedProd 6.15.15.3
- Website Builder by SeedProd 6.15.18
- Website Builder by SeedProd 6.15.19
- Website Builder by SeedProd 6.15.20
- Website Builder by SeedProd 6.15.21
- Website Builder by SeedProd 6.15.22
- Website Builder by SeedProd 6.15.23
- Website Builder by SeedProd 6.17.4
- Website Builder by SeedProd 6.18.4
- Website Builder by SeedProd 6.18.5
- Website Builder by SeedProd 6.18.9
- Website Builder by SeedProd 6.18.10
- Website Builder by SeedProd 6.18.11
- Website Builder by SeedProd 6.18.12
- Website Builder by SeedProd 6.18.14
- Website Builder by SeedProd 6.18.15