Another critical vulnerability has been found in WBCE CMS. The component that has been affected by this issue is the file wbce/framework/class.add-menu.php of the component Menu Manager. The vulnerability is located in the function get_taxes_for_menu. The attacker may exploit it to delete any menu. The name of the patch is bf37df13a3d3e3fce9a9f354bca44a0a8f8d22. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213755. It is worth noting that another vulnerability has been found in WBCE CMS. The component that has been affected by this issue is the file wbce/framework/class.controller.php of the component Controller. The vulnerability is located in the function get_menu_item of the file wbce/framework/class.menu-item.php. It may allow the attacker to delete any menu item, create/modify any menu item, etc. The name of the patch is a339e23f7b50a86d8f7bac6c9f6eaf0f98a8a0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213719.

There are several unconfirmed vulnerabilities found in WBCE CMS.

VDB-213735: Critical vulnerability found in WBCE CMS

Another critical vulnerability has been found in WBCE CMS. The component that has been affected by this issue is the file wbce/framework/class.controller.php of the component Controller. The vulnerability is located in the function get_menu_item of the file wbce/framework/class.menu-item.php. It may allow the attacker to delete any menu item, create/modify any menu item, etc. The name of the patch is a339e23f7b50a86d8f7bac6c9f6eaf0f98a8a0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213719.

There are several unconfirmed vulnerabilities found in WBCE CMS and its associated components such as Web Builder and Menu Manager

VDB-213722

The identifier of this vulnerability is VDB-213722. It may allow the attacker to delete any menu item, create/modify any menu item, etc.
WBCE CMS has been out for 3 years and have not released a patch for this vulnerability yet.

VDB-213753

Another critical vulnerability has been found in WBCE CMS. The component that has been affected by this issue is the file wbce/framework/class.controller.php of the component Controller. The vulnerability is located in the function get_menu_item of the file wbce/framework/class.menu-item.php. It may allow the attacker to delete any menu item, create/modify any menu item, etc. The name of the patch is a339e23f7b50a86d8f7bac6c9f6eaf0f98a8a0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213719.

Another critical vulnerability has been found in WBCE CMS which affects files from Menu Manager and Controller folders . The component that has been affected by this issue is the file wbce/framework/class.controller.php of the component Controller, which could allow an unauthorized person to delete any menu item, create or modify any menu item, etc., making it difficult for an administrator to manage and control access properly among other things as well as possibly causing data loss or instabilities on site performance and functionality as well as server security problems with possible hacker accesses and attacks due to vulnerabilities like these (CVE-2022-4006)

Vulnerable file

The vulnerable file is wbce/framework/class.add-menu.php of the component Menu Manager. The vulnerability is located in the function get_taxes_for_menu.

Timeline

Published on: 11/15/2022 22:15:00 UTC
Last modified on: 11/18/2022 19:46:00 UTC

References