Authenticated Settings Change in Ultimate Addons for Gutenberg Plugin by WordPress
CVE-2020-36702
5.5MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 7 June 2023
What is CVE-2020-36702?
The Ultimate Addons for Gutenberg plugin for WordPress is susceptible to unauthorized settings alterations due to inadequate capability checks on several AJAX actions. This vulnerability allows authenticated attackers with subscriber or higher roles to modify plugin settings, potentially leading to unauthorized changes in the site configuration and user experience.
Affected Version(s)
Spectra – WordPress Gutenberg Blocks * <= 1.14.7