Cyber Resilience

CVE-2020-36666

HighPublic PoC

Published: 27 March 2023

Published
27 March 2023
Modified
19 February 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0062 70.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-36666 is a high-severity an unspecified weakness vulnerability in E-Plugins Directory Pro. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 29.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before…

more

1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

e-plugins
directory pro
≤ 1.9.5
e-plugins
final user
≤ 1.2.2
e-plugins
fitness trainer
≤ 1.4.1
e-plugins
hospital \& doctor directory
≤ 1.3.6
e-plugins
hotel directory
≤ 1.3.7
e-plugins
institutions directory
≤ 1.3.1
e-plugins
lawyer directory
≤ 1.2.9
e-plugins
photographer-directory
≤ 1.0.9
e-plugins
producer-retailer
all versions
e-plugins
real estate pro
≤ 1.7.1
+1 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References