CVE-2020-36666

🗓️ 27 Mar 2023 15:37:27Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 59 Views🌐 WEB

CVE-2020-36666: Multiple WordPress plugins before specific versions allow unauthorized admin capabilities via AJAX calls

Reporter	Title	Published	Views	Family All 20
CNNVD	WordPress plugin directory-pro 安全漏洞	27 Mar 202300:00	–	cnnvd
Cvelist	CVE-2020-36666 Multiple e-plugins - Subscriber+ Privilege Escalation	27 Mar 202315:37	–	cvelist
EUVD	EUVD-2020-24108	7 Oct 202500:30	–	euvd
NVD	CVE-2020-36666	27 Mar 202316:15	–	nvd
Patchstack	WordPress final-user-wp-frontend-user-profiles Plugin < 1.2.2 is vulnerable to Privilege Escalation	28 Mar 202300:00	–	patchstack
Patchstack	WordPress fitness-trainer Plugin < 1.4.1 is vulnerable to Privilege Escalation	28 Mar 202300:00	–	patchstack
Patchstack	WordPress doctor-listing Plugin < 1.3.6 is vulnerable to Privilege Escalation	28 Mar 202300:00	–	patchstack
Patchstack	WordPress institutions-directory Plugin < 1.3.1 is vulnerable to Privilege Escalation	28 Mar 202300:00	–	patchstack
Patchstack	WordPress lawyer-directory Plugin < 1.2.9 is vulnerable to Privilege Escalation	28 Mar 202300:00	–	patchstack
Patchstack	WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation	28 Mar 202300:00	–	patchstack

NVD

Vulners

Node

e-plugins directory_proRange<1.9.5wordpress

e-plugins final_userRange<1.2.2wordpress

e-plugins fitness_trainerRange<1.4.1wordpress

e-plugins hospital_&_doctor_directoryRange<1.3.6wordpress

e-plugins hotel_directoryRange<1.3.7wordpress

e-plugins institutions_directoryRange<1.3.1wordpress

e-plugins lawyer_directoryRange<1.2.9wordpress

e-plugins photographer-directoryRange<1.0.9wordpress

e-plugins producer-retailerMatch-wordpress

e-plugins real_estate_proRange<1.7.1wordpress

e-plugins wp_membershipRange<1.5.7wordpress

[
  {
    "vendor": "Unknown",
    "product": "directory-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.9.5"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "final-user-wp-frontend-user-profiles",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "producer-retailer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "TODO"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "photographer-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "real-estate-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.7.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "institutions-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "lawyer-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "doctor-listing",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.6"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Hotel Listing",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "fitness-trainer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.4.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "wp-membership",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.5.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
codecanyon	www.codecanyon.net/user/e-plugins
wpscan	www.wpscan.com/vulnerability/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96

Parameter	Position	Path	Description	CWE
form_data	request body	/wp-admin/admin-ajax.php	Insecure AJAX action that updates user data (e.g., wp_capabilities) allowing privilege escalation to admin
form_data	request body	/wp-admin/admin-ajax.php	Insecure AJAX action that updates user data (e.g., user_role=administrator) enabling admin privilege via ep_finaluser_update_user_settings

19 Feb 2025 20:15Current

8.4High risk

Vulners AI Score8.4

CVSS 3.18.8

EPSS0.00624

SSVC