8.8
CVE-2020-36698
- EPSS 0.26%
- Veröffentlicht 20.10.2023 07:15:14
- Zuletzt bearbeitet 21.11.2024 05:30:05
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSecurity & Malware scan by CleanTalk <= 2.50 - Missing Authorization
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.
Mögliche Gegenmaßnahme
Login Security, FireWall, Malware removal by CleanTalk: Update to version 2.51, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Login Security, FireWall, Malware removal by CleanTalk
Version
*-2.50
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cleantalk ≫ Security & Malware Scan SwPlatformwordpress Version < 2.51
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.493 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.