CVE-2020-36759

Summary

CVE-2020-36759 is a vulnerability in the Woody code snippets plugin for WordPress, affecting versions up to 2.3.9. The vulnerability is classified as Cross-Site Request Forgery (CSRF), specifically due to missing or incorrect nonce validation on the runActions() function. This allows unauthenticated attackers to manipulate snippets by tricking site administrators into performing certain actions, such as clicking on a link. There have been 53 reported instances of this vulnerability. The risk score is 5, indicating a medium severity level. The base score is 4.3, and the exploitability score is 2.8. The impact of this vulnerability is low in terms of integrity and confidentiality, with no impact on availability. To remediate this vulnerability, users should update their Woody code snippets plugin to a version beyond 2.3.9 to ensure proper nonce validation and prevent CSRF attacks. Note: The information provided here is created based on the given text and does not represent a real cybersecurity incident or actual data from any source

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.