One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 8316370 |
| Date de publication | 2023-03-07 16:15:09 (vue: 2023-03-07 18:06:48) |
| Titre | CVE-2020-36670 |
| Texte | The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more. |
| Notes | |
| Envoyé | Oui |
| Condensat | 2020 36670 above actions ajax attackers authenticated can capability checks cve data deleting disclosure due emails files form forms functions including invoke level like makes missing modification modify modifying more nex perform permissions plugin possible records sending settings several submission subscriber test these unauthorized used versions vulnerable which wordpress |
| Tags | |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.