Lucene search

K
cve[email protected]CVE-2020-36666
HistoryMar 27, 2023 - 4:15 p.m.

CVE-2020-36666

2023-03-2716:15:07
web.nvd.nist.gov
17
cve
wordpress
plugin
security vulnerability
ajax
admin capabilities
user registration
nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.

Affected configurations

Vulners
NVD
Node
web_directory_proweb_directory_proRange<1.9.5
OR
wedevswp_user_frontendRange<1.2.2
OR
e-pluginsphotographer-directoryRange<1.0.9
OR
real-estate-scriptsreal-estate-scriptsRange<1.7.1
OR
e-pluginsinstitutions_directoryRange<1.3.1
OR
e-pluginslawyer_directoryRange<1.2.9
OR
doctor_search_script_projectdoctor_search_scriptRange<1.3.6
OR
hotel-roomhotel_roomRange<1.3.7
OR
codeinitiatorfitness_calculatorsRange<1.4.1
OR
simple-membership-pluginsimple_membershipRange<1.5.7
VendorProductVersionCPE
web_directory_proweb_directory_pro*cpe:2.3:a:web_directory_pro:web_directory_pro:*:*:*:*:*:*:*:*
wedevswp_user_frontend*cpe:2.3:a:wedevs:wp_user_frontend:*:*:*:*:*:*:*:*
e\-pluginsphotographer\-directory*cpe:2.3:a:e\-plugins:photographer\-directory:*:*:*:*:*:*:*:*
real\-estate\-scriptsreal\-estate\-scripts*cpe:2.3:a:real\-estate\-scripts:real\-estate\-scripts:*:*:*:*:*:*:*:*
e\-pluginsinstitutions_directory*cpe:2.3:a:e\-plugins:institutions_directory:*:*:*:*:*:*:*:*
e\-pluginslawyer_directory*cpe:2.3:a:e\-plugins:lawyer_directory:*:*:*:*:*:*:*:*
doctor_search_script_projectdoctor_search_script*cpe:2.3:a:doctor_search_script_project:doctor_search_script:*:*:*:*:*:*:*:*
hotel\-roomhotel_room*cpe:2.3:a:hotel\-room:hotel_room:*:*:*:*:*:*:*:*
codeinitiatorfitness_calculators*cpe:2.3:a:codeinitiator:fitness_calculators:*:*:*:*:*:*:*:*
simple\-membership\-pluginsimple_membership*cpe:2.3:a:simple\-membership\-plugin:simple_membership:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "directory-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.9.5"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "final-user-wp-frontend-user-profiles",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "producer-retailer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "TODO"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "photographer-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "real-estate-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.7.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "institutions-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "lawyer-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "doctor-listing",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.6"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Hotel Listing",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "fitness-trainer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.4.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "wp-membership",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.5.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%