CVE-2020-36696 - OpenCVE

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tychesoftwares	Product Input Fields For Woocommerce

Configuration 1 [-]

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=
https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74
https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-07T01:51:09.704Z

Updated: 2024-08-04T17:37:05.238Z

Reserved: 2023-06-06T12:18:17.944Z

Link: CVE-2020-36696

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-07T02:15:10.930

Modified: 2023-11-07T03:22:27.010

Link: CVE-2020-36696

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-36696", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-06-06T12:18:17.944Z", "datePublished": "2023-06-07T01:51:09.704Z", "dateUpdated": "2024-08-04T17:37:05.238Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-06-07T01:51:09.704Z"}, "affected": [{"vendor": "tychesoftwares", "product": "Product Input Fields for WooCommerce", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.2.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve"}, {"url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/"}, {"url": "https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285 Improper Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jerome Bruandet"}], "timeline": [{"time": "2020-08-03T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:05.238Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve", "tags": ["x_transferred"]}, {"url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/", "tags": ["x_transferred"]}, {"url": "https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "45F62E3B-155B-4DC6-8649-BF9639E0FF62", "versionEndExcluding": "1.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service."}], "id": "CVE-2020-36696", "lastModified": "2023-11-07T03:22:27.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-06-07T02:15:10.930", "references": [{"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}