CVE-2024-1285 in Page Builder Sandwich Plugin
Summary
by MITRE • 03/05/2024
The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/12/2026
The vulnerability identified as CVE-2024-1285 affects the Page Builder Sandwich plugin for WordPress, specifically targeting versions up to and including 5.1.0. This represents a critical authorization flaw that undermines the integrity of content management within WordPress environments. The vulnerability stems from a missing capability check within the plugin's codebase, creating a path for unauthorized data modification that directly impacts the security posture of WordPress installations using this particular plugin. The flaw exists within the 'gambit_builder_save_content' function, which serves as a critical endpoint for content saving operations within the front-end page builder functionality.
The technical implementation of this vulnerability allows authenticated users with subscriber-level permissions or higher to exploit the missing capability validation. This represents a privilege escalation issue where users who should not have the ability to modify existing posts can manipulate content through the plugin's interface. The absence of proper capability verification means that any user with subscriber access can execute the save content function, effectively bypassing WordPress's standard permission controls. This flaw aligns with CWE-284, which describes improper access control mechanisms that allow unauthorized users to perform privileged actions.
From an operational perspective, this vulnerability creates significant risk for WordPress sites that rely on the Page Builder Sandwich plugin for content creation and management. Attackers with subscriber accounts can insert arbitrary content into existing posts, potentially leading to defacement, information disclosure, or the injection of malicious content. The impact extends beyond simple content modification as it undermines the trust model of the content management system, allowing attackers to compromise the integrity of published content. This vulnerability particularly affects sites where multiple users have subscriber access or where user registration is open, as it provides a direct path for content manipulation without requiring higher privileges.
The exploitation of this vulnerability requires minimal technical skill and can be accomplished through standard web application attack vectors. Attackers can leverage the exposed function endpoint to submit crafted content modifications, potentially leading to widespread content corruption across multiple posts. This type of vulnerability also aligns with ATT&CK technique T1078.004, which covers valid accounts as a means of gaining access and maintaining persistence within target systems. The missing capability check represents a fundamental flaw in the plugin's security architecture that should have been addressed through proper input validation and access control mechanisms.
Organizations affected by this vulnerability should immediately implement mitigations including updating to the latest version of the plugin where the capability check has been restored, or implementing temporary workarounds such as restricting user roles or disabling the plugin until a proper update is applied. The vulnerability highlights the importance of regular security auditing of third-party plugins and the necessity of maintaining up-to-date software versions. Security practitioners should also monitor for signs of exploitation through log analysis and implement proper access control monitoring to detect unauthorized content modifications. Additionally, organizations should consider implementing additional security layers such as web application firewalls and regular security assessments to identify similar vulnerabilities in their WordPress environments.