The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.
References
Link | Resource |
---|---|
https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/ | Exploit Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-10-20T07:29:23.827Z
Updated: 2023-10-20T07:29:23.827Z
Reserved: 2023-06-06T13:00:52.765Z
Link: CVE-2020-36714
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-20T08:15:11.020
Modified: 2023-11-07T03:22:28.823
Link: CVE-2020-36714
JSON object: View
Redhat Information
No data.
CWE