CVE-2020-36700 : The Page Builder: KingComposer plugin for WordPress is vulnerable to authorizati

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content.

Published 2023-06-07 02:15:11

Updated 2023-06-12 19:46:57

Source Wordfence

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2020-36700

King-theme » Page Builder Kingcomposer » For Wordpress
Versions up to, including, (<=) 2.9.3
cpe:2.3:a:king-theme:page_builder_kingcomposer:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-36700

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-36700

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	Wordfence
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-36700

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: security@wordfence.com (Secondary)

References for CVE-2020-36700

https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/

WordPress KingComposer Page Builder fixed multiple critical vulnerabilities. – NinTechNet
Exploit

CVEs referencing this url
https://wordpress.org/plugins/kingcomposer/#developers

Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme – WordPress plugin | WordPress.org
Product

CVEs referencing this url
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=

Changeset 2320014 for kingcomposer – WordPress Plugin Repository
Patch

CVEs referencing this url
https://www.wordfence.com/threat-intel/vulnerabilities/id/1bdba04e-df4d-4094-877e-611d69e2e25d?source=cve

Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control
Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-36700

Products affected by CVE-2020-36700

Exploit prediction scoring system (EPSS) score for CVE-2020-36700

CVSS scores for CVE-2020-36700

CWE ids for CVE-2020-36700

References for CVE-2020-36700