CVE-2020-36670 - Vulnerability Details - OpenCVE

The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Basixonline	Nex-forms

Configuration 1 [-]

cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/2427162/
https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9

History

Mon, 13 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-03-07T15:34:03.433Z

Updated: 2025-01-13T17:00:48.199Z

Reserved: 2023-03-07T15:33:56.028Z

Link: CVE-2020-36670

Vulnrichment

Updated: 2024-08-04T17:30:08.563Z

NVD

Status : Modified

Published: 2023-03-07T16:15:09.267

Modified: 2024-11-21T05:30:04.460

Link: CVE-2020-36670

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-36670", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-03-07T15:33:56.028Z", "datePublished": "2023-03-07T15:34:03.433Z", "dateUpdated": "2025-01-13T17:00:48.199Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-03-07T15:34:03.433Z"}, "affected": [{"vendor": "webaways", "product": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "7.7.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9"}, {"url": "https://plugins.trac.wordpress.org/changeset/2427162/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Chloe Chamberland"}], "timeline": [{"time": "2020-11-27T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.563Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2427162/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-13T16:25:11.690505Z", "id": "CVE-2020-36670", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T17:00:48.199Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2427162/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.563Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-13T16:25:11.690505Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T16:25:14.146Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Chloe Chamberland"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "webaways", "product": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "7.7.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2020-11-27T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9"}, {"url": "https://plugins.trac.wordpress.org/changeset/2427162/"}], "descriptions": [{"lang": "en", "value": "The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-03-07T15:34:03.433Z"}}}, "cveMetadata": {"cveId": "CVE-2020-36670", "state": "PUBLISHED", "dateUpdated": "2025-01-13T17:00:48.199Z", "dateReserved": "2023-03-07T15:33:56.028Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-03-07T15:34:03.433Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E3F77D71-03CB-46CB-BED4-C3ED6741154A", "versionEndIncluding": "7.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more."}], "id": "CVE-2020-36670", "lastModified": "2024-11-21T05:30:04.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-07T16:15:09.267", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/2427162/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/2427162/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}