Researchers at cloud security giant Wiz have discovered a critical vulnerability in the vibe coding platform Base44 that could have been exploited to gain access to private applications and sensitive data belonging to enterprises that use it.
Base44, recently acquired by website-building giant Wix, is a vibe coding platform reportedly used by thousands of enterprises. Vibe coding enables users to generate code based on natural language prompts fed to AI tools.
Wiz researchers recently analyzed Base44’s publicly accessible assets and discovered some API endpoints that could be abused to bypass authentication.
They found that endpoints designed for registering a new user with an email address and password and verifying the user with a one-time password did not require authentication, enabling anyone to register for private applications as long as they had the target’s ‘app_id’ value.
Learn More About Securing AI at SecurityWeek’s AI Risk Summit – August 19-20, 2025 at the Ritz-Carlton, Half Moon Bay
The researchers quickly discovered that the required ‘app_id’ was hardcoded in each application’s URI and manifest.json file path. This enabled them to register new user accounts for applications they did not own.
“During our research we managed to confirm authentication bypass was available across several enterprise applications that utilized the popular vibe coding platform for internal chatbots, knowledge bases, PII & HR operations – significant sensitive data that could have been leaked to unauthorized attackers,” Wiz explained.
The company added, “What made this vulnerability particularly concerning was its simplicity – requiring only basic API knowledge to exploit. This low barrier to entry meant that attackers could systematically compromise multiple applications across the platform with minimal technical sophistication.”
Wix patched the vulnerability within 24 hours of being notified and its investigation showed that it had not been exploited in the wild prior to the fix being rolled out. Since the patch was applied on the server side, customers do not need to take any action.
Related: Should We Trust AI? Three Approaches to AI Fallibility
Related: Google Says AI Agent Thwarted Exploitation of Critical Vulnerability
Related: Google Gemini Tricked Into Showing Phishing Message Hidden in Email
