CVE-2020-36667

CVSS V2 None CVSS V3 None
Description
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.
Overview
  • CVE ID
  • CVE-2020-36667
  • Assigner
  • security@wordfence.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-07T14:15:09
  • Last Modified Date
  • 2023-03-17T13:35:04
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:jetbackup:jetbackup:*:*:*:*:*:wordpress:*:* 1 OR 1.4.1
History
Created Old Value New Value Data Type Notes
2023-04-17 06:02:04 Added to TrackCVE
2023-04-17 06:02:07 Weakness Enumeration new