Vulnerability Description
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/9811025e-ab17-4255-aaaf-4f0306f5d281
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ab1cc1ef-d0e0-491d-91a
FAQ
What is CVE-2020-36833?
CVE-2020-36833 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6.
How severe is CVE-2020-36833?
CVE-2020-36833 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-36833?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.