WordPress Plugin Vulnerabilities

Gutenberg Blocks - Ultimate Addons for Gutenberg < 1.14.8 - Authenticated Settings Change

Description

The Gutenberg Blocks – Ultimate Addons for Gutenberg WordPress plugin was affected by an Ultimate Addons for Gutenberg < 1.14.8 - Authenticated Settings Change security vulnerability.

Affects Plugins

Plugin icon
ultimate-addons-for-gutenberg
Fixed in 1.14.8

References

CVE
CVE-2020-36702
URL
https://blog.nintechnet.com/wordpress-ultimate-addons-for-gutenberg-plugin-fixed-vulnerability/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Verified
No
WPVDB ID
a83eccd9-e656-413e-81f5-f49cb91e0a3c

Timeline

Publicly Published
2020-04-08 (about 4 years ago)
Added
2020-04-08 (about 4 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2023-06-07
Title
Directorist < 7.5.5 - Subscriber+ Arbitrary User Password Reset to Privilege Escalation
Published
2024-04-25
Title
Barcode Scanner with Inventory & Order Manager < 1.5.4 - Unauthenticated Privilege Escalation
Published
2023-08-22
Title
Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation
Published
2019-08-09
Title
ND Restaurant Reservations < 1.5 - Unauthenticated Options Change
Published
2020-03-16
Title
LearnPress < 3.2.6.7 - Privilege Escalation