CVE-2020-36666
published 2023-03-27CVE-2020-36666: The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through…
PriorityP346high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.91%
55.3th percentile
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| e-plugins | directory_pro | < 1.9.5 | 1.9.5 |
| e-plugins | final_user | < 1.2.2 | 1.2.2 |
| e-plugins | fitness_trainer | < 1.4.1 | 1.4.1 |
| e-plugins | hospital_doctor_directory | < 1.3.6 | 1.3.6 |
| e-plugins | hotel_directory | < 1.3.7 | 1.3.7 |
| e-plugins | institutions_directory | < 1.3.1 | 1.3.1 |
| e-plugins | lawyer_directory | < 1.2.9 | 1.2.9 |
| e-plugins | photographer-directory | < 1.0.9 | 1.0.9 |
| e-plugins | real_estate_pro | < 1.7.1 | 1.7.1 |
| e-plugins | wp_membership | < 1.5.7 | 1.5.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-03-27
Published