8.1
CVE-2020-36714
- EPSS 0.14%
- Veröffentlicht 20.10.2023 08:15:11
- Zuletzt bearbeitet 16.01.2025 15:08:00
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginBrizy < 1.0.126 - Authorization Bypass to Settings Updates
The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.
Mögliche Gegenmaßnahme
Brizy – Page Builder: Update to version 1.0.126, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Brizy – Page Builder
Version
[*, 1.0.126)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| security@wordfence.com | 7.4 | 3.1 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.