CVE-2020-36714

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 20, 2023
Updated: Nov 7, 2023
CWE ID 863

Summary

CVE-2020-36714 is a vulnerability affecting the Brizy plugin for WordPress. Before version 1.0.126, the plugin performs an incorrect capability check in the is_administrator() function, leading to an authorization bypass. As a result, authenticated attackers can access and interact with the plugin's available AJAX functions, potentially causing unintended actions or data manipulation. This issue poses a significant risk to websites using the Brizy plugin and should be addressed promptly by updating to a patched version.
