The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin
This vulnerability affects the following application versions:
- Website Builder by SeedProd 6.0.5
- Website Builder by SeedProd 6.0.6
- Website Builder by SeedProd 6.0.7
- Website Builder by SeedProd 6.0.8
- Website Builder by SeedProd 6.0.8.1
- Website Builder by SeedProd 6.0.8.2
- Website Builder by SeedProd 6.0.8.3
- Website Builder by SeedProd 6.0.8.4
- Website Builder by SeedProd 6.0.8.5
- Website Builder by SeedProd 6.0.9.0
- Website Builder by SeedProd 6.0.10.1
- Website Builder by SeedProd 6.0.11.1
- Website Builder by SeedProd 6.2.0
- Website Builder by SeedProd 6.2.1
- Website Builder by SeedProd 6.2.2
- Website Builder by SeedProd 6.2.3
- Website Builder by SeedProd 6.2.4
- Website Builder by SeedProd 6.2.5
- Website Builder by SeedProd 6.6.0
- Website Builder by SeedProd 6.9.0.8
- Website Builder by SeedProd 6.10.0
- Website Builder by SeedProd 6.12.0
- Website Builder by SeedProd 6.12.2
- Website Builder by SeedProd 6.13.0
- Website Builder by SeedProd 6.13.1
- Website Builder by SeedProd 6.15.3
- Website Builder by SeedProd 6.15.4
- Website Builder by SeedProd 6.15.6
- Website Builder by SeedProd 6.15.7
- Website Builder by SeedProd 6.15.13.1
- Website Builder by SeedProd 6.15.15.3
- Website Builder by SeedProd 6.15.18
- Website Builder by SeedProd 6.15.19
- Website Builder by SeedProd 6.15.20
- Website Builder by SeedProd 6.15.21
- Website Builder by SeedProd 6.15.22