WordPress Plugin Vulnerabilities

Wordable < 3.1.2 - Plugin's Authentication Bypass

Description

This could allow an unauthenticated user to bypass the plugin authentication process and temporarily gain administrative privileges, allowing the publication of pages and posts on the blog, as well as the upload of media files.

Affects Plugins

Plugin icon
wordable
Fixed in 3.1.2

References

CVE
CVE-2020-36724
URL
https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.6 (high)

Miscellaneous

Verified
No
WPVDB ID
dc4c73ce-e60c-4177-aa44-e3db641dae3a

Timeline

Publicly Published
2020-01-28 (about 6 years ago)
Added
2020-06-03 (about 5 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2024-03-29
Title
WholesaleX < 1.3.3 - Unauthenticated Privilege Escalation
Published
2016-06-06
Title
Newspaper Theme 6.4–6.7.1 - Privilege Escalation
Published
2024-05-23
Title
Pie Register - Social Sites Login (Add on) < 1.7.8 - Unauthenticated Privilege Escalation
Published
2020-02-17
Title
wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation
Published
2026-03-25
Title
Amelia Booking < 9.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change