CVE-2020-36729 : The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due

The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog.

Published 2023-06-07 02:15:13

Updated 2023-06-13 15:46:09

Source Wordfence

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2020-36729

2joomla » 2j Slideshow » For Wordpress
Versions up to, including, (<=) 1.3.31
cpe:2.3:a:2joomla:2j_slideshow:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-36729

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-36729

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	2.8	2.5	Wordfence
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low

CWE ids for CVE-2020-36729

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: security@wordfence.com (Secondary)
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-36729

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2226528%402j-slideshow&new=2226528%402j-slideshow&sfp_email=&sfph_mail=

Changeset 2226528 for 2j-slideshow – WordPress Plugin Repository
Patch
https://blog.nintechnet.com/wordpress-2j-slideshow-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/

WordPress 2J SlideShow plugin fixed authenticated arbitrary plugin deactivation vulnerability. – NinTechNet
Exploit
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-images-slideshow-by-2j-image-slider-security-bypass-1-3-31/

WordPress Plugin Images Slideshow by 2J-Image Slider Security Bypass (1.3.31) - Vulnerabilities - Acunetix
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f06d1b9e-e27d-4c43-a69b-7641518e4615?source=cve

Slideshow, Image Slider by 2J <= 1.3.31 - Authorization Bypass
Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-36729

Products affected by CVE-2020-36729

Exploit prediction scoring system (EPSS) score for CVE-2020-36729

CVSS scores for CVE-2020-36729

CWE ids for CVE-2020-36729

References for CVE-2020-36729