2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2020-36666" ,
"sourceIdentifier" : "contact@wpscan.com" ,
"published" : "2023-03-27T16:15:07.660" ,
2025-02-19 21:03:55 +00:00
"lastModified" : "2025-02-19T20:15:32.657" ,
2023-11-07 21:03:21 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
2025-02-19 21:03:55 +00:00
} ,
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
2023-04-24 12:24:31 +02:00
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-noinfo"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:directory_pro:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.9.5" ,
"matchCriteriaId" : "31F0181B-5A20-4763-BD9D-CE4D499E7DB4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:final_user:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.2.2" ,
"matchCriteriaId" : "06E8267D-F3D1-4A06-98BE-8CB4166360ED"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:fitness_trainer:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.4.1" ,
"matchCriteriaId" : "B57E0B5F-862E-4177-92CA-436F6A42F0A3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:hospital_\\&_doctor_directory:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.3.6" ,
"matchCriteriaId" : "56F3DE3F-DC1B-4B5E-A69B-379959F8B3B6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:hotel_directory:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.3.7" ,
"matchCriteriaId" : "EEF4016F-DB85-4292-9AA4-86C8E18BC9B1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:institutions_directory:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.3.1" ,
"matchCriteriaId" : "F165F482-9F35-4816-A26B-1D113811CC50"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:lawyer_directory:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.2.9" ,
"matchCriteriaId" : "B3BB1A8C-B840-40A6-8EF9-8B9C49B08753"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:photographer-directory:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.0.9" ,
"matchCriteriaId" : "DBD568E6-7564-4426-9E8F-24275D742815"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:producer-retailer:-:*:*:*:*:wordpress:*:*" ,
"matchCriteriaId" : "B638E795-54A3-4FAD-B591-E1F614AC5D3D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:real_estate_pro:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.7.1" ,
"matchCriteriaId" : "879CE44B-729B-432F-8E10-CF319C1DE55E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:e-plugins:wp_membership:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "1.5.7" ,
"matchCriteriaId" : "32A8B6A1-DE2D-482D-ADC9-2393BC819F61"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://codecanyon.net/user/e-plugins" ,
"source" : "contact@wpscan.com" ,
"tags" : [
"Product"
]
} ,
{
"url" : "https://wpscan.com/vulnerability/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96" ,
"source" : "contact@wpscan.com" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://codecanyon.net/user/e-plugins" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Product"
]
} ,
{
"url" : "https://wpscan.com/vulnerability/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
