Lucene search

[email protected]CVE-2020-36666

HistoryMar 27, 2023 - 4:15 p.m.

CVE-2020-36666

2023-03-2716:15:07

[email protected]

web.nvd.nist.gov

cve

wordpress

plugin

security vulnerability

ajax

admin capabilities

user registration

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.

Affected configurations

Vulners

NVD

Node

web_directory_proweb_directory_proRange<1.9.5

wedevswp_user_frontendRange<1.2.2

e-pluginsphotographer-directoryRange<1.0.9

real-estate-scriptsreal-estate-scriptsRange<1.7.1

e-pluginsinstitutions_directoryRange<1.3.1

e-pluginslawyer_directoryRange<1.2.9

doctor_search_script_projectdoctor_search_scriptRange<1.3.6

hotel-roomhotel_roomRange<1.3.7

codeinitiatorfitness_calculatorsRange<1.4.1

simple-membership-pluginsimple_membershipRange<1.5.7

VendorProductVersionCPE
web_directory_proweb_directory_pro*cpe:2.3:a:web_directory_pro:web_directory_pro:*:*:*:*:*:*:*:*
wedevswp_user_frontend*cpe:2.3:a:wedevs:wp_user_frontend:*:*:*:*:*:*:*:*
e\-pluginsphotographer\-directory*cpe:2.3:a:e\-plugins:photographer\-directory:*:*:*:*:*:*:*:*
real\-estate\-scriptsreal\-estate\-scripts*cpe:2.3:a:real\-estate\-scripts:real\-estate\-scripts:*:*:*:*:*:*:*:*
e\-pluginsinstitutions_directory*cpe:2.3:a:e\-plugins:institutions_directory:*:*:*:*:*:*:*:*
e\-pluginslawyer_directory*cpe:2.3:a:e\-plugins:lawyer_directory:*:*:*:*:*:*:*:*
doctor_search_script_projectdoctor_search_script*cpe:2.3:a:doctor_search_script_project:doctor_search_script:*:*:*:*:*:*:*:*
hotel\-roomhotel_room*cpe:2.3:a:hotel\-room:hotel_room:*:*:*:*:*:*:*:*
codeinitiatorfitness_calculators*cpe:2.3:a:codeinitiator:fitness_calculators:*:*:*:*:*:*:*:*
simple\-membership\-pluginsimple_membership*cpe:2.3:a:simple\-membership\-plugin:simple_membership:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
web_directory_pro	web_directory_pro	*	cpe:2.3:a:web_directory_pro:web_directory_pro::::::::
wedevs	wp_user_frontend	*	cpe:2.3:a:wedevs:wp_user_frontend::::::::
e\-plugins	photographer\-directory	*	cpe:2.3:a:e\-plugins:photographer\-directory::::::::
real\-estate\-scripts	real\-estate\-scripts	*	cpe:2.3:a:real\-estate\-scripts:real\-estate\-scripts::::::::
e\-plugins	institutions_directory	*	cpe:2.3:a:e\-plugins:institutions_directory::::::::
e\-plugins	lawyer_directory	*	cpe:2.3:a:e\-plugins:lawyer_directory::::::::
doctor_search_script_project	doctor_search_script	*	cpe:2.3:a:doctor_search_script_project:doctor_search_script::::::::
hotel\-room	hotel_room	*	cpe:2.3:a:hotel\-room:hotel_room::::::::
codeinitiator	fitness_calculators	*	cpe:2.3:a:codeinitiator:fitness_calculators::::::::
simple\-membership\-plugin	simple_membership	*	cpe:2.3:a:simple\-membership\-plugin:simple_membership::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "directory-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.9.5"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "final-user-wp-frontend-user-profiles",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "producer-retailer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "TODO"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "photographer-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "real-estate-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.7.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "institutions-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "lawyer-directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "doctor-listing",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.6"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Hotel Listing",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.7"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "fitness-trainer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.4.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "wp-membership",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.5.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]