CVE-2020-36833
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/10/2024
Last modified:
16/10/2024
Description
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM