What is CVE-2020-36670?

CVE-2020-36670 is a medium-severity vulnerability in Webaways Nex-forms – Ultimate Forms Plugin For Wordpress, classified under Missing Authorization. CVSS score: 6.3/10. Published 2023-03-07.

How severe is CVE-2020-36670?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2020-36670 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Webaways Nex-forms – Ultimate Forms Plugin For Wordpress

CVE-2020-36670

The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated…

Vulnerability class: Broken Access Control

EPSS: 0.002 (37.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Webaways Nex-forms – Ultimate Forms Plugin For Wordpress — versions 0

Weakness classification (CWE)

CWE-862 — Missing Authorization

Public proof-of-concept exploits

20142995/nuclei-templates

References

Frequently asked questions

What is CVE-2020-36670?: CVE-2020-36670 is a medium-severity vulnerability in Webaways Nex-forms – Ultimate Forms Plugin For Wordpress, classified under Missing Authorization. CVSS score: 6.3/10. Published 2023-03-07.
How severe is CVE-2020-36670?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2020-36670 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.