Critical Authentication Flaw Identified in Base44 Vibe Coding Platform

by CybrGPT

A serious vulnerability in the AI-driven development platform Base44, recently acquired by website builder Wix, has been uncovered by security researchers.

The flaw allowed unauthorized users to register and access private applications, bypassing authentication systems including Single Sign-On (SSO).

The issue, discovered on July 9, 2025 by Wiz Research, stemmed from unauthenticated API endpoints on Base44’s “vibe coding” platform. An attacker could create a verified account on a private app using only its app_id, a value that is not secret: it appears in the app’s URLs and in its manifest files.

Two API endpoints, user registration and OTP (one-time password) verification, required no authentication at all. An attacker who knew an app_id could therefore walk through the ordinary sign-up flow and end up with a verified account on an app that was supposedly restricted to SSO users.

“By providing only a non-secret app_id value to undocumented registration and email verification endpoints, an attacker could have created a verified account for private applications on their platform,” Wiz researchers said.
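To make the failure concrete, here is an added illustration (not Base44’s or Wix’s code, and not from the Wiz write-up) of the flow described above: a self-service registration endpoint and an OTP-verification endpoint that accept nothing but a public app_id, beside a hardened version of the same service. The data model, function names, the “SSO-only” flag and the invite-token mechanism in the fix are assumptions made for the example.

```python
# Added illustration (not Base44/Wix code): a minimal model of an app platform
# whose self-service registration and OTP-verification endpoints take only a
# public app_id, and a hardened version of the same flow.  The data model,
# function names and the fix itself are assumptions for this example.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class App:
    app_id: str                                  # non-secret: appears in URLs and manifest files
    sso_only: bool                               # private app whose users are provisioned via SSO
    invites: set = field(default_factory=set)    # assumed: admin-issued invite tokens for private non-SSO apps


@dataclass
class AuthService:
    apps: dict
    hardened: bool = False
    pending_otps: dict = field(default_factory=dict)   # (app_id, email) -> otp awaiting verification
    verified_users: set = field(default_factory=set)   # (app_id, email) pairs with a verified account

    def register(self, app_id: str, email: str, invite: Optional[str] = None) -> str:
        """Self-service registration.
        Vulnerable mode: any known app_id is enough, so the public app_id is the only 'secret'.
        Hardened mode: SSO-only apps reject self-registration outright, and other private
        apps require a single-use invite token that an administrator issued."""
        app = self.apps.get(app_id)
        if app is None:
            raise PermissionError("unknown app_id")
        if self.hardened:
            if app.sso_only:
                raise PermissionError("self-registration disabled: app is SSO-restricted")
            if invite is None or invite not in app.invites:
                raise PermissionError("valid invite required for private app")
            app.invites.discard(invite)              # single use
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending_otps[(app_id, email)] = otp
        return otp   # would be emailed to `email`; returned here so the example runs offline

    def verify_otp(self, app_id: str, email: str, otp: str) -> dict:
        """Turns a pending registration into a verified account and a session.
        The OTP check itself is sound; the problem is who was allowed to reach it."""
        expected = self.pending_otps.pop((app_id, email), None)
        if expected is None or not hmac.compare_digest(expected, otp):
            raise PermissionError("invalid OTP")
        self.verified_users.add((app_id, email))
        return {"app_id": app_id, "email": email, "verified": True}


def attacker_self_registers(service: AuthService, app_id: str) -> bool:
    """The attacker knows only the public app_id and controls their own mailbox,
    so they can finish OTP verification whenever registration is allowed at all."""
    email = "attacker@example.net"
    try:
        otp = service.register(app_id, email)        # the OTP lands in the attacker's own inbox
        session = service.verify_otp(app_id, email, otp)
        return session["verified"]
    except PermissionError:
        return False


def build_service(hardened: bool) -> AuthService:
    """Two constructed apps: an SSO-only HR portal and a private invite-only tool."""
    apps = {
        "hr-portal": App("hr-portal", sso_only=True),
        "contractor-tool": App("contractor-tool", sso_only=False, invites={"inv-7f3a"}),
    }
    return AuthService(apps=apps, hardened=hardened)


if __name__ == "__main__":
    print("vulnerable:", attacker_self_registers(build_service(False), "hr-portal"))  # True
    print("hardened:", attacker_self_registers(build_service(True), "hr-portal"))     # False
```

The point the model makes is that a correct OTP check does not help here: verifying an OTP only proves the caller owns the mailbox they typed in, and the attacker owns theirs. Authorization has to be decided before registration, from something the attacker cannot supply (an SSO assertion or an admin-issued invite), not from an identifier that is printed in every URL.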


Fast Patch, No Signs of Exploitation

Wiz Research responsibly disclosed the issue to both Base44 and Wix. A patch was rolled out within 24 hours, with Wix confirming that the vulnerability was fixed and no evidence of exploitation had been found.

The vulnerability could have affected enterprise apps handling:

  • HR systems and personally identifiable information (PII)

  • Internal chatbots and knowledge bases

  • Automation tools used in day-to-day operations

Wiz identified potentially affected apps using public reconnaissance methods, such as tracing DNS CNAME records that point at Base44 hosting and looking for platform-specific signatures in the HTML each app serves. Several affected organizations were alerted directly.

Systemic Risk in “Vibe Coding” Platforms

The flaw highlights broader risks in the “vibe coding” model, in which a user describes an application in natural language and AI generates the code, with little hands-on involvement in what is actually built. Such platforms run every generated app on shared infrastructure, so a single flaw in the platform can potentially expose every application built on it.

Wiz noted that while discussions around AI security often focus on prompt injection or model poisoning, failures of basic security controls, such as broken authentication, pose a more immediate threat.

The company also said it verified that the fix closed the loophole. No customer action is required, though organizations are encouraged to review their application analytics for suspicious sign-ups or access before July 9.
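For a team following that advice, here is an added example (not from the article, Wiz or Wix) of what such a review looks like: it parses constructed authentication-event logs and flags accounts that appeared on an SSO-restricted app through self-service OTP registration before the fix, then counts the sessions those accounts went on to create. The log format, field names, the app list and the cut-off time are all assumptions; the lines are constructed sample data, not real Base44 output.

```python
# Added illustration (not from the article, Wiz or Wix): review constructed
# authentication-event logs for accounts that reached an SSO-restricted app via
# self-service OTP registration before the fix.  The log format, field names,
# app inventory and cut-off time are assumptions made for this example.
import re
from datetime import datetime, timezone

# Assumed cut-off: the patch shipped within 24 hours of the July 9, 2025 discovery.
FIX_TIME = datetime(2025, 7, 10, tzinfo=timezone.utc)

# Constructed sample log ("timestamp key=value ..." lines); not real platform output.
SAMPLE_LOG = """\
2025-07-03T10:12:44Z app=hr-portal event=user.registered method=sso email=alice@corp.example
2025-07-05T02:41:09Z app=hr-portal event=user.registered method=otp email=rnd9182@mail-drop.example
2025-07-05T02:41:37Z app=hr-portal event=otp.verified method=otp email=rnd9182@mail-drop.example
2025-07-05T02:42:10Z app=hr-portal event=session.created email=rnd9182@mail-drop.example ip=203.0.113.9
2025-07-06T14:10:00Z app=public-faq event=user.registered method=otp email=guest@mail-drop.example
2025-07-11T09:00:00Z app=hr-portal event=user.registered method=sso email=bob@corp.example
"""

# Assumed inventory: apps that are supposed to admit SSO-provisioned users only.
SSO_ONLY_APPS = {"hr-portal"}

_LINE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_event(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line into a dict with an aware UTC datetime."""
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ev = dict(pair.split("=", 1) for pair in m["kv"].split())
    ev["ts"] = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ev


def suspicious_registrations(log_text: str, sso_only_apps: set, fix_time: datetime) -> list:
    """Accounts created by self-service OTP registration on an SSO-only app before the fix.
    An SSO-only app should never record method=otp, so every hit is worth a look."""
    events = [parse_event(line) for line in log_text.splitlines() if line.strip()]
    flagged = []
    for ev in events:
        if (ev.get("event") == "user.registered" and ev.get("method") == "otp"
                and ev.get("app") in sso_only_apps and ev["ts"] < fix_time):
            # Follow-on activity for the same account on the same app sizes the impact.
            followups = [e for e in events
                         if e.get("email") == ev["email"] and e.get("app") == ev["app"]
                         and e["ts"] > ev["ts"]]
            flagged.append({
                "app": ev["app"],
                "email": ev["email"],
                "registered": ev["ts"].isoformat(),
                "sessions": sum(1 for e in followups if e.get("event") == "session.created"),
            })
    return flagged


if __name__ == "__main__":
    for finding in suspicious_registrations(SAMPLE_LOG, SSO_ONLY_APPS, FIX_TIME):
        print(finding)
```

The public-faq registration is ignored because that app is not SSO-restricted, and the post-fix SSO sign-up is expected behaviour; only the pre-fix OTP account on the HR portal is reported, together with the one session it created. Whatever the real log schema looks like, the query is the same: self-service registration events on apps where self-service registration should not exist, bounded by the fix date.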



© 2025 cybrgpt.com – All rights reserved.