Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2020-36724

Published: 07/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Wordable

Vulnerability Summary

The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an malicious user to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated malicious users to gain administrator privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordable wordable

References

CWE-306https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.phphttps://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=cvehttps://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook