CVE-2020-36669
The CVE applies to the WordPress plugin JetBackup – WP Backup, Migrate & Restore, affected up to version 1.3.9. The root cause is missing nonce validation in the backup_guard_get_import_backup() function, enabling Cross-Site Request Forgery that can let unauthenticated attackers upload arbitrary ...