Vulnerability Details : CVE-2020-36696
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2020-36696
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 53 %
Percentile, the proportion of vulnerabilities that are scored at or less