Vulnerability Details : CVE-2020-36700
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2020-36700
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less