A critical security vulnerability was discovered in the Base44 AI development platform, acquired by Wix, allowing unauthorized access to private applications through exposed API endpoints. The vulnerability was swiftly patched within 24 hours, with no evidence of exploitation, but it underscores risks in βvibe codingβ platforms relying on shared infrastructure. #Base44 #Wix #APIVulnerabilities #VibeCodingPlatforms
Keypoints
- A serious flaw in Base44βs platform allowed attackers to bypass authentication and access private apps.
- The vulnerability involved publicly accessible app_id parameters and unprotected API endpoints.
- Wiz Research discovered the issue on July 9, 2025, and a patch was implemented within 24 hours.
- No exploitation was detected, but the flaw posed risks to enterprise apps managing sensitive information.
- This incident highlights systemic security challenges in βvibe codingβ AI development environments relying on shared infrastructure.
Read More: https://www.infosecurity-magazine.com/news/authentication-flaw-base44/