CVE-2020-36840

CVSS V2 None CVSS V3 None
Description
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.
Overview
  • CVE ID
  • CVE-2020-36840
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-16T07:31:50.702Z
  • Last Modified Date
  • 2024-10-16T17:26:20.758Z
History
Created Old Value New Value Data Type Notes
2024-10-17 12:03:51 Added to TrackCVE