CVE-2020-9514 - Vulnerability Details - OpenCVE

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0025.

Key SSVC decision points have not yet been added.

Vendors	Products
Idxbroker	Impress For Idx Broker

Configuration 1 [-]

cpe:2.3:a:idxbroker:impress_for_idx_broker:*:*:*:*:platinum:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-30320	An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page).

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wordpress.org/plugins/idx-broker-platinum/#developers
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-07T16:42:51

Updated: 2024-08-04T10:34:38.231Z

Reserved: 2020-03-01T00:00:00

Link: CVE-2020-9514

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-07T17:15:14.947

Modified: 2024-11-21T05:40:47.297

Link: CVE-2020-9514

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-07T16:42:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/idx-broker-platinum/#developers"}, {"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9514", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/idx-broker-platinum/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/idx-broker-platinum/#developers"}, {"name": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:34:38.231Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/plugins/idx-broker-platinum/#developers"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9514", "datePublished": "2020-04-07T16:42:51", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2024-08-04T10:34:38.231Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:idxbroker:impress_for_idx_broker:*:*:*:*:platinum:wordpress:*:*", "matchCriteriaId": "237675F6-C86B-4716-8C12-DE0F21159E7D", "versionEndExcluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el plugin IMPress for IDX Broker versiones anteriores a 2.6.2 para WordPress. El archivo wrappers.php permite a un usuario registrado (con el rol Suscriptor) eliminar permanentemente publicaciones y p\u00e1ginas arbitrarias, crear nuevas publicaciones con asuntos arbitrarios y modificar los asuntos de las publicaciones y p\u00e1ginas existentes (por medio de create_dynamic_page y delete_dynamic_page)."}], "id": "CVE-2020-9514", "lastModified": "2024-11-21T05:40:47.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-07T17:15:14.947", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://wordpress.org/plugins/idx-broker-platinum/#developers"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://wordpress.org/plugins/idx-broker-platinum/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}