CVSS 3.1 Score 4.3 of 10 (medium)


Published Oct 20, 2023
Updated: Nov 7, 2023
CWE ID 352


CVE-2020-36759 is a vulnerability in the Woody code snippets plugin for WordPress, affecting versions up to 2.3.9. The vulnerability is classified as Cross-Site Request Forgery (CSRF), specifically due to missing or incorrect nonce validation on the runActions() function. This allows unauthenticated attackers to manipulate snippets by tricking site administrators into performing certain actions, such as clicking on a link. There have been 53 reported instances of this vulnerability. The risk score is 5, indicating a medium severity level. The base score is 4.3, and the exploitability score is 2.8. The impact of this vulnerability is low in terms of integrity and confidentiality, with no impact on availability. To remediate this vulnerability, users should update their Woody code snippets plugin to a version beyond 2.3.9 to ensure proper nonce validation and prevent CSRF attacks. Note: The information provided here is created based on the given text and does not represent a real cybersecurity incident or actual data from any source

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2020-36759 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options