CVE-2020-36720

HIGH Year: 2020
CVSS v3 Score
7.1
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.

Related Vulnerabilities

CVE-2018-14985

HIGH
CVSS:7.1(High)

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.a...

CWE-8622018

CVE-2018-15005

HIGH
CVSS:7.1(High)

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm...

CWE-8622018

CVE-2018-17490

HIGH
CVSS:7.1(High)

EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes...

CWE-8622018

CVE-2019-14822

HIGH
CVSS:7.1(High)

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server ...

CWE-8622019

CVE-2020-13425

HIGH
CVSS:7.1(High)

TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.

CWE-8622020

CVE-2021-41803

HIGH
CVSS:7.1(High)

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1...

CWE-8622021