Lucene search

K
cve[email protected]CVE-2020-36721
HistoryJun 07, 2023 - 2:15 a.m.

CVE-2020-36721

2023-06-0702:15:12
CWE-862
web.nvd.nist.gov
19
cve-2020-36721
wordpress
vulnerability
plugin activation
plugin deactivation
security issue

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the ‘activello_activate_plugin’ and ‘activello_deactivate_plugin’ functions in the ‘inc/welcome-screen/class-activello-welcome.php’ file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.

Affected configurations

Vulners
NVD
Node
silkalnsnewspaper_xRange1.3.1
OR
wpchillbrillianceRange1.2.7
OR
silkalnsactivelloRange1.4.0
VendorProductVersionCPE
wpchillbrilliance*cpe:2.3:a:wpchill:brilliance:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "silkalns",
    "product": "Newspaper X",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.3.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "wpchill",
    "product": "Brilliance",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.2.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "silkalns",
    "product": "Activello",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.4.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

Related for CVE-2020-36721