Multiple e-plugins - Subscriber+ Privilege Escalation
CVE-2020-36666
Summary
The affected E-Plugins WordPress plugins fail to implement adequate security measures for certain AJAX calls, leading to a vulnerability that could allow logged-in users to gain unauthorized admin privileges. This occurs through the function iv_directories_update_profile_setting(), which improperly processes data from AJAX requests without sufficient validation. As these plugins permit user registration through custom forms, this vulnerability poses a significant risk to websites utilizing them.
Affected Version(s)
directory-pro 0 < 1.9.5
doctor-listing 0 < 1.3.6
final-user-wp-frontend-user-profiles 0 < 1.2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved