The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-03-07T13:28:09.328Z
Updated: 2023-03-07T13:28:09.328Z
Reserved: 2023-03-07T13:28:00.575Z
Link: CVE-2020-36668
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-07T14:15:09.263
Modified: 2023-11-07T03:22:26.697
Link: CVE-2020-36668
JSON object: View
Redhat Information
No data.
CWE
No CWE.