The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/divebook/#developers | Release Notes Vendor Advisory |
https://www.hooperlabs.xyz/disclosures/divebook.php | Exploit Third Party Advisory |
https://wordpress.org/plugins/divebook/#developers | Release Notes Vendor Advisory |
https://www.hooperlabs.xyz/disclosures/divebook.php | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:02
Type | Values Removed | Values Added |
---|---|---|
References | () https://wordpress.org/plugins/divebook/#developers - Release Notes, Vendor Advisory | |
References | () https://www.hooperlabs.xyz/disclosures/divebook.php - Exploit, Third Party Advisory |
Information
Published : 2020-12-08 20:15
Updated : 2024-11-21 05:02
NVD link : CVE-2020-14205
Mitre link : CVE-2020-14205
CVE.ORG link : CVE-2020-14205
JSON object : View
Products Affected
divebook_project
- divebook
CWE
CWE-862
Missing Authorization