CVE-2020-36666

Exploit

EPSS 0.28%
Veröffentlicht 27.03.2023 16:15:07
Zuletzt bearbeitet 19.02.2025 20:15:32
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.

Mögliche Gegenmaßnahme

Directory Pro: Update to version 1.9.5, or a newer patched version

Hospital & Doctor Directory: Update to version 1.3.6, or a newer patched version

Final User - WP Front-end User Profiles: Update to version 1.2.2, or a newer patched version

Fitness Trainer- Training Membership Plugin: Update to version 1.4.1, or a newer patched version

Hotel Listing: Update to version 1.3.7, or a newer patched version

Institutions Directory: Update to version 1.3.1, or a newer patched version

Lawyer Directory: Update to version 1.2.9, or a newer patched version

Photographer Directory: Update to version 1.0.9, or a newer patched version

producer-retailer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Real Estate Pro - WordPress Plugin: Update to version 1.7.1, or a newer patched version

WP Membership: Update to version 1.5.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Directory Pro

Version [*, 1.9.5)

SystemWordPress Plugin

≫

Produkt Hospital & Doctor Directory

Version [*, 1.3.6)

SystemWordPress Plugin

≫

Produkt Final User - WP Front-end User Profiles

Version [*, 1.2.2)

SystemWordPress Plugin

≫

Produkt Fitness Trainer- Training Membership Plugin

Version [*, 1.4.1)

SystemWordPress Plugin

≫

Produkt Hotel Listing

Version [*, 1.3.7)

SystemWordPress Plugin

≫

Produkt Institutions Directory

Version [*, 1.3.1)

SystemWordPress Plugin

≫

Produkt Lawyer Directory

Version [*, 1.2.9)

SystemWordPress Plugin

≫

Produkt Photographer Directory

Version [*, 1.0.9)

SystemWordPress Plugin

≫

Produkt producer-retailer

Version *

SystemWordPress Plugin

≫

Produkt Real Estate Pro - WordPress Plugin

Version [*, 1.7.1)

SystemWordPress Plugin

≫

Produkt WP Membership

Version [*, 1.5.7)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

E-plugins ≫ Directory Pro SwPlatformwordpress Version < 1.9.5

E-plugins ≫ Final User SwPlatformwordpress Version < 1.2.2

E-plugins ≫ Fitness Trainer SwPlatformwordpress Version < 1.4.1

E-plugins ≫ Hospital & Doctor Directory SwPlatformwordpress Version < 1.3.6

E-plugins ≫ Hotel Directory SwPlatformwordpress Version < 1.3.7

E-plugins ≫ Institutions Directory SwPlatformwordpress Version < 1.3.1

E-plugins ≫ Lawyer Directory SwPlatformwordpress Version < 1.2.9

E-plugins ≫ Photographer-directory SwPlatformwordpress Version < 1.0.9

E-plugins ≫ Producer-retailer Version- SwPlatformwordpress

E-plugins ≫ Real Estate Pro SwPlatformwordpress Version < 1.7.1

E-plugins ≫ Wp Membership SwPlatformwordpress Version < 1.5.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.514

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://codecanyon.net/user/e-plugins

Product

https://wpscan.com/vulnerability/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-36666

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36666

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36666

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-36666