CVE-2020-36702
First published: Wed Jun 07 2023(Updated: )
The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Brainstorm Force Spectra | <=1.14.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the Ultimate Addons for Gutenberg plugin vulnerability?
The vulnerability ID is CVE-2020-36702.
What is the severity of CVE-2020-36702?
The severity of CVE-2020-36702 is medium with a severity value of 4.3.
Which version of the Ultimate Addons for Gutenberg plugin is affected by CVE-2020-36702?
Versions up to and including 1.14.7 of the Ultimate Addons for Gutenberg plugin are affected by CVE-2020-36702.
What is the impact of the Ultimate Addons for Gutenberg plugin vulnerability?
Authenticated attackers with subscriber+ roles can exploit this vulnerability to update plugin settings.
Are there any fixes available for CVE-2020-36702?
Yes, a fix for CVE-2020-36702 has been released for the Ultimate Addons for Gutenberg plugin.
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/brainstormforce
- canonical/brainstorm force spectra
- version/brainstorm force spectra/1.14.7