CVE-2020-36759
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2020-36759 is a vulnerability in the Woody code snippets plugin for WordPress, affecting versions up to 2.3.9. The vulnerability is classified as Cross-Site Request Forgery (CSRF), specifically due to missing or incorrect nonce validation on the runActions() function. This allows unauthenticated attackers to manipulate snippets by tricking site administrators into performing certain actions, such as clicking on a link. There have been 53 reported instances of this vulnerability. The risk score is 5, indicating a medium severity level. The base score is 4.3, and the exploitability score is 2.8. The impact of this vulnerability is low in terms of integrity and confidentiality, with no impact on availability. To remediate this vulnerability, users should update their Woody code snippets plugin to a version beyond 2.3.9 to ensure proper nonce validation and prevent CSRF attacks. Note: The information provided here is created based on the given text and does not represent a real cybersecurity incident or actual data from any source
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions