CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36737

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.5%

CVSS Severity

CVSS v3 Score 4.3

References

Products affected by CVE-2020-36737

Brainstormforce » Import / Export Customizer Settings » Version: N/A

cpe:2.3:a:brainstormforce:import_/_export_customizer_settings:-
Brainstormforce » Import / Export Customizer Settings » Version: 1.0.1

cpe:2.3:a:brainstormforce:import_/_export_customizer_settings:1.0.1
Brainstormforce » Import / Export Customizer Settings » Version: 1.0.2

cpe:2.3:a:brainstormforce:import_/_export_customizer_settings:1.0.2
Brainstormforce » Import / Export Customizer Settings » Version: 1.0.3

cpe:2.3:a:brainstormforce:import_/_export_customizer_settings:1.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36737

Products

Pricing

Contact Us