CVE-2020-36730

CRITICAL Year: 2020
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-862
View all →

Vulnerability Description

The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.

Related Vulnerabilities

CVE-2023-6038

CRITICAL
CVSS:9.3(Critical)

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2...

CWE-8622023

CVE-2018-10866

CRITICAL
CVSS:9.1(Critical)

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file wi...

CWE-8622018

CVE-2018-7702

CRITICAL
CVSS:9.1(Critical)

SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and a...

CWE-8622018

CVE-2019-18581

CRITICAL
CVSS:9.1(Critical)

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A re...

CWE-8622019

CVE-2019-19885

CRITICAL
CVSS:9.1(Critical)

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorizatio...

CWE-8622019

CVE-2020-19038

CRITICAL
CVSS:9.1(Critical)

File Deletion vulnerability in Halo 0.4.3 via delBackup.

CWE-8622020