Cyber Resilience

CVE-2020-36852

Critical

Published: 01 October 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: (no value recorded)
CVSS Score (v3.1): 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0011 (28.2nd percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2020-36852 is a critical-severity Missing Authorization (CWE-862) vulnerability in Wordfence (inferred from references). Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 28.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2020-36852 is a critical vulnerability in the Custom Searchable Data Entry System plugin for WordPress, affecting versions up to and including 1.7.1. It stems from a missing capability check and insufficient validation in the ghazale_sds_delete_entries_table_row() function, enabling unauthenticated database wiping: attackers can completely delete key database tables such as wp_users. The flaw carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) and maps to CWE-862 (Missing Authorization).

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By invoking the vulnerable function, they achieve high-impact integrity and availability disruption, potentially wiping entire database tables and rendering the site inoperable, including loss of user data.

Wordfence advisories, referenced in the top sources, highlight active exploitation attempts against this zero-day vulnerability. Security practitioners should review the detailed threat intelligence and blog post for indicators of compromise and recommended mitigations, such as deactivating the plugin or upgrading to a fixed release, if one is available beyond version 1.7.1.

This vulnerability saw real-world active attacks as a zero-day, per Wordfence reporting from March 2020, underscoring the risks of unpatched WordPress plugins.
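The root cause described above is a WordPress action handler that performs a destructive database operation without verifying who is calling it. The following hardened handler is an added illustration, not the plugin's own code or the Wordfence fix; the hook name, function name, nonce action and table name are assumptions. It shows the three controls the analysis says were absent (capability check, request validation, and a scoped rather than table-wide operation), plus a nonce so that an authenticated administrator cannot be tricked into issuing the request from another site.

```php
<?php
// Hypothetical hardened AJAX delete handler for a WordPress plugin.
// Added example: names below (sds_secure_delete_entry, the nonce action
// 'sds_delete_entry', the table suffix 'sds_entries') are assumptions.

// Register only the authenticated AJAX hook. The weak pattern also registers
// wp_ajax_nopriv_* (or skips the checks inside the callback), which exposes
// the handler to anonymous callers.
add_action( 'wp_ajax_sds_delete_entry', 'sds_secure_delete_entry' );

function sds_secure_delete_entry() {
    // 1. Capability check: the authorization step whose absence is CWE-862
    //    (NIST 800-53 AC-3, Access Enforcement).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 2. Nonce bound to this specific action: blocks cross-site request forgery
    //    against a logged-in administrator. Dies with 403 on failure.
    check_ajax_referer( 'sds_delete_entry', 'nonce' );

    // 3. Input validation (NIST 800-53 SI-10): accept only a positive integer
    //    row id; the table name is fixed server-side and never taken from the request.
    $row_id = isset( $_POST['row_id'] ) ? absint( $_POST['row_id'] ) : 0;
    if ( $row_id < 1 ) {
        wp_send_json_error( array( 'message' => 'invalid row id' ), 400 );
    }

    global $wpdb;
    $table = $wpdb->prefix . 'sds_entries'; // assumed table name

    // 4. Scoped, parameterised operation: remove one row by id.
    //    A delete endpoint should never be able to DROP or TRUNCATE a table.
    $deleted = $wpdb->delete( $table, array( 'id' => $row_id ), array( '%d' ) );

    if ( false === $deleted ) {
        wp_send_json_error( array( 'message' => 'database error' ), 500 );
    }

    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
```

From a detection standpoint, requests to admin-ajax.php for an action name that should require privileges, arriving without a WordPress login cookie, are the signal to alert on; after hardening they should fail at step 1 with a 403 rather than reaching the database.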

EU & UK References

Vulnerability details

The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including, 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazale_sds_delete_entries_table_row() function. This makes it possible for unauthenticated attackers to completely wipe database tables such as wp_users.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1485 Data Destruction (Impact): Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Vulnerability in public-facing WordPress plugin directly enables remote unauthenticated exploitation (T1190) resulting in arbitrary database table deletion (T1485).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4365 (shared CWE-862)
CVE-2025-23512 (shared CWE-862)
CVE-2026-4094 (shared CWE-862)
CVE-2026-27181 (shared CWE-862)
CVE-2026-4119 (shared CWE-862)
CVE-2024-12104 (shared CWE-862)
CVE-2026-32817 (shared CWE-862)
CVE-2026-25443 (shared CWE-862)
CVE-2025-22657 (shared CWE-862)
CVE-2025-22715 (shared CWE-862)

Affected Assets

Wordfence
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

AC-3 (Access Enforcement), prevent: Enforces approved authorizations, directly addressing the missing capability check that allows unauthenticated database wiping.

SI-10 (Information Input Validation), prevent: Requires validation of inputs to the ghazale_sds_delete_entries_table_row() function, mitigating the lack of sufficient validation exploited for table deletion.

Flaw remediation control (identifier not given on this page), prevent: Mandates identification, prioritization, and correction of flaws like this plugin vulnerability, preventing exploitation through timely remediation.

References