CVE-2020-14205

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
References
Link Resource
https://wordpress.org/plugins/divebook/#developers Release Notes Vendor Advisory
https://www.hooperlabs.xyz/disclosures/divebook.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:divebook_project:divebook:1.1.4:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2020-12-08 20:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-14205

Mitre link : CVE-2020-14205

CVE.ORG link : CVE-2020-14205


JSON object : View

Products Affected

divebook_project

  • divebook
CWE
CWE-862

Missing Authorization