CVE-2020-20634 β€” Incorrect Permission Assignment in Website Builder

CWE-732 β€” Incorrect Permission Assignment4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elementor Website Builder
Timeline
PublishedAug 21
Latest updateMay 24

Description

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

πŸ”΄Vulnerability Details

3
GHSA
GHSA-3mm6-4hpm-pgrc: Elementor 2β†—2022-05-24
β–Ά
CVEList
CVE-2020-20634: Elementor 2β†—2020-08-21
β–Ά
VulnCheck
Elementor 2.9.5 and below WordPress plugin Vulnerability↗2020
β–Ά
CVE-2020-20634 β€” Incorrect Permission Assignment | cvebase