How severe is CVE-2020-36838?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2020-36838?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2020-36838 - HIGH Severity | CVSS 7.4

Vulnerability Description

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.

Related Vulnerabilities

CVE-2014-0881

HIGH

CVSS:7.4(High)

The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of servi...

CWE-2842014

CVE-2014-8183

HIGH

CVSS:7.4(High)

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource ...

CWE-2842014

CVE-2016-0340

HIGH

CVSS:7.4(High)

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging...

CWE-2842016

CVE-2017-12191

HIGH

CVSS:7.4(High)

A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be ap...

CWE-2842017

CVE-2019-1890

HIGH

CVSS:7.4(High)

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, ...

CWE-2842019

CVE-2021-0232

HIGH

CVSS:7.4(High)

An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already register...

CWE-2842021