CVE-2020-14205

MEDIUM

DiveBook 1.1.4 - Missing Authorization in Log Dive Form

Title source: llm
STIX 2.1

Description

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://wordpress.org/plugins/divebook/#developers
Exploit, Third Party Advisory x_refsource_misc
https://www.hooperlabs.xyz/disclosures/divebook.php

Scores

CVSS v3 5.3
EPSS 0.0114
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-862
Status published
Products (1)
divebook_project/divebook 1.1.4
Published Dec 08, 2020
Tracked Since Feb 18, 2026