Cybersecurity researchers discovered and patched a critical flaw in Wix’s Base44 platform that allowed unauthorized access to private applications through a simple vulnerability in authentication endpoints. The incident highlights the emerging risks posed by AI-powered coding tools and misconfigured authorization systems. #Base44 #Wix #AIsecurity #authvulnerability
Keypoints
- A critical security flaw in Wix’s Base44 platform allowed bypassing authentication controls through a non-secret app_id.
- The vulnerability enabled attackers to register and verify accounts for private applications without authorization.
- The flaw was responsibly disclosed and fixed within 24 hours, with no evidence of exploitation in the wild.
- AI coding platforms and generative models are creating new attack surfaces due to misconfigurations and prompt vulnerabilities.
- Exposed MCP servers and insecure token storage increase risks of data theft and unauthorized access in AI ecosystems.
Read More: https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html