4.3

CVE-2020-36749

Exploit

EPSS 0.09%
Veröffentlicht 01.07.2023 06:15:09
Zuletzt bearbeitet 21.11.2024 05:30:13
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Mögliche Gegenmaßnahme

Easy Testimonials: Update to version 3.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Easy Testimonials

Version [*, 3.7)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Goldplugins ≫ Easy Testimonials SwPlatformwordpress Version < 3.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.267

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

Not Applicable

https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/

Third Party Advisory

Exploit

Technical Description

https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/

Not Applicable

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/

Not Applicable

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/

Not Applicable

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/

Not Applicable

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/

Not Applicable

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2370405%40easy-testimonials&new=2370405%40easy-testimonials&sfp_email=&sfph_mail=

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/8da49c2e-576c-490b-b812-96d15b6d2b1b?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/8da49c2e-576c-490b-b812-96d15b6d2b1b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-36749

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36749

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36749

EUVD