CVE-2020-14205

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
References
Link Resource
https://wordpress.org/plugins/divebook/#developers Release Notes Vendor Advisory
https://www.hooperlabs.xyz/disclosures/divebook.php Exploit Third Party Advisory
https://wordpress.org/plugins/divebook/#developers Release Notes Vendor Advisory
https://www.hooperlabs.xyz/disclosures/divebook.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:divebook_project:divebook:1.1.4:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:02

Type Values Removed Values Added
References () https://wordpress.org/plugins/divebook/#developers - Release Notes, Vendor Advisory () https://wordpress.org/plugins/divebook/#developers - Release Notes, Vendor Advisory
References () https://www.hooperlabs.xyz/disclosures/divebook.php - Exploit, Third Party Advisory () https://www.hooperlabs.xyz/disclosures/divebook.php - Exploit, Third Party Advisory

Information

Published : 2020-12-08 20:15

Updated : 2024-11-21 05:02


NVD link : CVE-2020-14205

Mitre link : CVE-2020-14205

CVE.ORG link : CVE-2020-14205


JSON object : View

Products Affected

divebook_project

  • divebook
CWE
CWE-862

Missing Authorization