CVE-2020-36837

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://raw.githubusercontent.com/themegrill/themegrill-demo-importer/master/CHANGELOG.txt
https://www.openwall.com/lists/oss-security/2020/02/19/1
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve

Configurations

No configuration.

History

16 Oct 2024, 16:38

Type	Values Removed	Values Added
Summary		(es) El complemento ThemeGrill Demo Importer para WordPress es vulnerable a la omisión de autenticación debido a una verificación de capacidad faltante en la función reset_wizard_actions en las versiones 1.3.4 a 1.6.1. Esto hace posible que los atacantes autenticados restablezcan la base de datos de WordPress. Después de eso, si hay un usuario llamado 'admin', el atacante iniciará sesión automáticamente como administrador.

16 Oct 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-16 07:15

Updated : 2024-10-16 16:38

NVD link : CVE-2020-36837

Mitre link : CVE-2020-36837

CVE.ORG link : CVE-2020-36837

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2020-36837", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2024-10-16T07:15:08.927", "references": [{"url": "https://raw.githubusercontent.com/themegrill/themegrill-demo-importer/master/CHANGELOG.txt", "source": "security@wordfence.com"}, {"url": "https://www.openwall.com/lists/oss-security/2020/02/19/1", "source": "security@wordfence.com"}, {"url": "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator."}, {"lang": "es", "value": "El complemento ThemeGrill Demo Importer para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n reset_wizard_actions en las versiones 1.3.4 a 1.6.1. Esto hace posible que los atacantes autenticados restablezcan la base de datos de WordPress. Despu\u00e9s de eso, si hay un usuario llamado 'admin', el atacante iniciar\u00e1 sesi\u00f3n autom\u00e1ticamente como administrador."}], "lastModified": "2024-10-16T16:38:14.557", "sourceIdentifier": "security@wordfence.com"}