CVE-2020-36724 : The Wordable plugin for WordPress is vulnerable to authentication bypass in vers

The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.

Published 2023-06-07 02:15:12

Updated 2023-06-13 13:57:47

Source Wordfence

View at NVD, CVE.org

Products affected by CVE-2020-36724

Wordable » Wordable » For Wordpress
Versions up to, including, (<=) 3.1.1
cpe:2.3:a:wordable:wordable:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-36724

EPSS FAQ

0.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-36724

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	Wordfence
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-36724

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Assigned by: security@wordfence.com (Secondary)
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-36724

https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.php

Changeset 2234193 for wordable/trunk/wordable.php – WordPress Plugin Repository
Patch
https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/

WordPress Plugins and Themes Vulnerabilities Roundup. – NinTechNet
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve

Wordable <= 3.1.1 - Authentication Bypass
Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-36724

Products affected by CVE-2020-36724

Exploit prediction scoring system (EPSS) score for CVE-2020-36724

CVSS scores for CVE-2020-36724

CWE ids for CVE-2020-36724

References for CVE-2020-36724