Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-36666

Published: 27/03/2023 Updated: 07/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to E-plugins

Vulnerability Summary

The directory-pro WordPress plugin prior to 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin prior to 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin prior to 1.0.9, real-estate-pro WordPress plugin prior to 1.7.1, institutions-directory WordPress plugin prior to 1.3.1, lawyer-directory WordPress plugin prior to 1.2.9, doctor-listing WordPress plugin prior to 1.3.6, Hotel Listing WordPress plugin prior to 1.3.7, fitness-trainer WordPress plugin prior to 1.4.1, wp-membership WordPress plugin prior to 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

e-plugins wp membership

e-plugins fitness trainer

e-plugins hotel directory

e-plugins hospital \\& doctor directory

e-plugins lawyer directory

e-plugins institutions directory

e-plugins real estate pro

e-plugins final user

e-plugins directory pro

e-plugins photographer-directory

e-plugins producer-retailer -

References

NVD-CWE-noinfohttps://wpscan.com/vulnerability/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96https://codecanyon.net/user/e-pluginshttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2024-34909CVE-2024-3317SSTICVE-2024-3400CVE-2024-30051wirelessCVE-2024-4622CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook