CVE-2024-12848: CWE-862 Missing Authorization in sonalsinha21 SKT Page Builder
CVE-2024-12848 is a high-severity vulnerability in the SKT Page Builder WordPress plugin, affecting all versions up to 4. 6. The flaw arises from a missing authorization check in the 'addLibraryByArchive' function, allowing authenticated users with subscriber-level access or higher to upload arbitrary files. This capability enables remote code execution (RCE) on the affected WordPress sites without requiring user interaction. The vulnerability has a CVSS score of 8. 8, reflecting its critical impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the ease of exploitation and broad impact make it a significant threat. Organizations using this plugin should urgently apply patches or implement strict access controls to mitigate risk. Countries with widespread WordPress usage and significant web infrastructure are most at risk.
AI Analysis
Technical Summary
CVE-2024-12848 is a critical vulnerability found in the SKT Page Builder plugin for WordPress, specifically in all versions up to and including 4.6. The root cause is a missing authorization check (CWE-862) in the 'addLibraryByArchive' function, which is responsible for handling file uploads. Due to this missing capability check, any authenticated user with at least subscriber-level privileges can upload arbitrary files to the server. This arbitrary file upload can be leveraged to achieve remote code execution (RCE), allowing attackers to execute malicious code on the web server hosting the WordPress site. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N), with low attack complexity (AC:L). The CVSS v3.1 score of 8.8 reflects high impact on confidentiality, integrity, and availability, as attackers can compromise the entire system, steal sensitive data, modify content, or disrupt service. Although no public exploits have been reported yet, the vulnerability's nature and ease of exploitation make it a critical risk for websites using this plugin. The lack of a patch link suggests that users must monitor vendor updates closely or consider temporary mitigations such as restricting plugin usage or user permissions.
Potential Impact
The impact of CVE-2024-12848 is severe for organizations running WordPress sites with the SKT Page Builder plugin installed. Successful exploitation allows attackers to upload arbitrary files, leading to remote code execution, which can result in full system compromise. This threatens the confidentiality of sensitive data stored or processed by the website, the integrity of website content and backend systems, and the availability of the web service. Attackers could deploy web shells, pivot to internal networks, deface websites, steal user credentials, or launch further attacks. Given WordPress's widespread use globally, this vulnerability could affect a large number of websites, including corporate, governmental, and e-commerce platforms. The requirement for only subscriber-level access lowers the barrier for exploitation, increasing risk from insider threats or compromised low-privilege accounts.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately verify if they use the SKT Page Builder plugin and identify the version in use. Since no official patch is currently linked, users should: 1) Restrict plugin access strictly to trusted administrators and remove or downgrade subscriber-level permissions where possible. 2) Disable or uninstall the SKT Page Builder plugin until a security update is released. 3) Implement Web Application Firewall (WAF) rules to detect and block suspicious file upload attempts targeting the vulnerable function. 4) Monitor server logs for unusual file uploads or execution patterns indicative of exploitation attempts. 5) Harden WordPress installations by enforcing the principle of least privilege for all user roles. 6) Regularly back up website data and test restoration procedures to recover quickly from potential compromises. 7) Stay alert for vendor announcements or security advisories providing patches or further guidance.
Affected Countries
United States, India, Germany, United Kingdom, Canada, Australia, France, Brazil, Japan, Netherlands, Italy, Spain
CVE-2024-12848: CWE-862 Missing Authorization in sonalsinha21 SKT Page Builder
Description
CVE-2024-12848 is a high-severity vulnerability in the SKT Page Builder WordPress plugin, affecting all versions up to 4. 6. The flaw arises from a missing authorization check in the 'addLibraryByArchive' function, allowing authenticated users with subscriber-level access or higher to upload arbitrary files. This capability enables remote code execution (RCE) on the affected WordPress sites without requiring user interaction. The vulnerability has a CVSS score of 8. 8, reflecting its critical impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the ease of exploitation and broad impact make it a significant threat. Organizations using this plugin should urgently apply patches or implement strict access controls to mitigate risk. Countries with widespread WordPress usage and significant web infrastructure are most at risk.
AI-Powered Analysis
Technical Analysis
CVE-2024-12848 is a critical vulnerability found in the SKT Page Builder plugin for WordPress, specifically in all versions up to and including 4.6. The root cause is a missing authorization check (CWE-862) in the 'addLibraryByArchive' function, which is responsible for handling file uploads. Due to this missing capability check, any authenticated user with at least subscriber-level privileges can upload arbitrary files to the server. This arbitrary file upload can be leveraged to achieve remote code execution (RCE), allowing attackers to execute malicious code on the web server hosting the WordPress site. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N), with low attack complexity (AC:L). The CVSS v3.1 score of 8.8 reflects high impact on confidentiality, integrity, and availability, as attackers can compromise the entire system, steal sensitive data, modify content, or disrupt service. Although no public exploits have been reported yet, the vulnerability's nature and ease of exploitation make it a critical risk for websites using this plugin. The lack of a patch link suggests that users must monitor vendor updates closely or consider temporary mitigations such as restricting plugin usage or user permissions.
Potential Impact
The impact of CVE-2024-12848 is severe for organizations running WordPress sites with the SKT Page Builder plugin installed. Successful exploitation allows attackers to upload arbitrary files, leading to remote code execution, which can result in full system compromise. This threatens the confidentiality of sensitive data stored or processed by the website, the integrity of website content and backend systems, and the availability of the web service. Attackers could deploy web shells, pivot to internal networks, deface websites, steal user credentials, or launch further attacks. Given WordPress's widespread use globally, this vulnerability could affect a large number of websites, including corporate, governmental, and e-commerce platforms. The requirement for only subscriber-level access lowers the barrier for exploitation, increasing risk from insider threats or compromised low-privilege accounts.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately verify if they use the SKT Page Builder plugin and identify the version in use. Since no official patch is currently linked, users should: 1) Restrict plugin access strictly to trusted administrators and remove or downgrade subscriber-level permissions where possible. 2) Disable or uninstall the SKT Page Builder plugin until a security update is released. 3) Implement Web Application Firewall (WAF) rules to detect and block suspicious file upload attempts targeting the vulnerable function. 4) Monitor server logs for unusual file uploads or execution patterns indicative of exploitation attempts. 5) Harden WordPress installations by enforcing the principle of least privilege for all user roles. 6) Regularly back up website data and test restoration procedures to recover quickly from potential compromises. 7) Stay alert for vendor announcements or security advisories providing patches or further guidance.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-12-20T15:13:10.606Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6e49b7ef31ef0b59c5a7
Added to database: 2/25/2026, 9:48:57 PM
Last enriched: 2/26/2026, 2:44:17 AM
Last updated: 2/26/2026, 6:14:34 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumCVE-2026-2499: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tgrk Custom Logo
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.