Wix

A severe authentication bypass vulnerability in Base44, a popular AI-powered vibe coding platform recently acquired by Wix, exposed private enterprise applications and sensitive corporate data to unauthorized access. The flaw allowed attackers to exploit undocumented API endpoints, bypassing authentication controls, including Single Sign-On (SSO) protections. While the vulnerability was patched within 24 hours, it highlighted significant security concerns in AI development ecosystems. Enterprise applications, including internal chatbots, knowledge bases, and HR systems containing personally identifiable information (PII), were at risk. Although no evidence of malicious exploitation was found, the incident underscored the need for robust security measures in shared cloud environments.

Source: https://cybersecuritynews.com/ai-vibe-coding-platform-hacked/

TPRM report: https://www.rankiteo.com/company/wix-com

{
  "id": "wix214080925",
  "linkid": "wix-com",
  "type": "Vulnerability",
  "date": "7/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}

{
  "affected_entities": [
    {
      "industry": "Technology",
      "name": "Base44",
      "type": "AI-powered vibe coding platform"
    }
  ],
  "attack_vector": "API manipulation",
  "data_breach": {
    "personally_identifiable_information": "Yes",
    "sensitivity_of_data": "High",
    "type_of_data_compromised": "Personally Identifiable Information (PII)"
  },
  "description": "A severe authentication bypass vulnerability in Base44, a popular AI-powered vibe coding platform recently acquired by Wix, could have allowed attackers unauthorized access to private enterprise applications and sensitive corporate data.",
  "impact": {
    "data_compromised": "Personally Identifiable Information (PII)",
    "identity_theft_risk": "High",
    "systems_affected": [
      "Internal chatbots",
      "Knowledge bases",
      "HR operations systems"
    ]
  },
  "initial_access_broker": {
    "entry_point": "Publicly accessible Swagger-UI interfaces"
  },
  "investigation_status": "Resolved",
  "lessons_learned": "The need for better AI platform security and robust security foundations in shared cloud environments.",
  "post_incident_analysis": {
    "corrective_actions": "Proper validation to prevent unauthorized registration attempts",
    "root_causes": "Poorly secured APIs and architectural oversight in authentication endpoints"
  },
  "references": [
    {
      "source": "Wiz Research"
    }
  ],
  "response": {
    "containment_measures": "Vulnerability patched within 24 hours",
    "remediation_measures": "Proper validation to prevent unauthorized registration attempts"
  },
  "title": "Authentication Bypass Vulnerability in Base44",
  "type": "Authentication Bypass",
  "vulnerability_exploited": "Authentication Bypass"
}