CVE-2020-36670

MEDIUM Year: 2020
CVSS v3 Score
6.3
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.

Related Vulnerabilities

CVE-2016-3563

MEDIUM
CVSS:6.3(Medium)

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors re...

NVD-CWE-Other2016

CVE-2017-10153

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Supported versions that are affected are 7.0, 7.1 ...

NVD-CWE-Other2017

CVE-2017-10163

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 1...

NVD-CWE-Other2017

CVE-2017-10385

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerabi...

NVD-CWE-Other2017

CVE-2017-10393

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerabi...

NVD-CWE-Other2017

CVE-2017-18711

MEDIUM
CVSS:6.3(Medium)

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 be...

NVD-CWE-Other2017