CVE-2020-36714

Опубликовано: 20 окт. 2023

Источник: nvd

CVSS3: 7.4

CVSS3: 8.1

EPSS Низкий

Описание

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.

Ссылки

https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve
Third Party Advisory
https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brizy:brizy:*:*:*:*:*:wordpress:*:*

Версия до 1.0.125 (включая)

EPSS

Процентиль: 35%

0.00143

Низкий

7.4 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-4jh4-mwq8-wx24

CVSS3: 7.4

github

больше 2 лет назад

EPSS

Процентиль: 35%

0.00143

Низкий

7.4 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-863