CVE-2020-36831

Published: 16 Oct 2024
Source: nvd
CVSS3: 5
CVSS3: 6.5
EPSS Low

Description

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would otherwise be locked to an administrative-level user.

Vulnerable configurations

Configuration 1
cpe:2.3:a:nextscripts:social_networks_auto_poster:*:*:*:*:*:wordpress:*:*
Versions before 4.3.18 (excluding)

EPSS

Percentile: 49%
0.00261
Low

5 Medium

CVSS3

6.5 Medium

CVSS3

Weaknesses

CWE-284
CWE-862

Related vulnerabilities

CVSS3: 5
github
more than 1 year ago

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would otherwise be locked to an administrative-level user.
