Vulnerability Description
The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brizy | Brizy | <= 1.0.125 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-v… (Exploit, Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-936… (Third Party Advisory)
FAQ
What is CVE-2020-36714?
CVE-2020-36714 is a vulnerability with a CVSS score of 7.4 (HIGH). The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it pos...
How severe is CVE-2020-36714?
CVE-2020-36714 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-36714?
Check the references section above for vendor advisories and patch information. Affected products include: Brizy Brizy.