CVE-2020-14205
MEDIUMDiveBook 1.1.4 - Missing Authorization in Log Dive Form
Title source: llmDescription
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://wordpress.org/plugins/divebook/#developers
Exploit, Third Party Advisory x_refsource_misc
https://www.hooperlabs.xyz/disclosures/divebook.php
Scores
CVSS v3
5.3
EPSS
0.0114
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-862
Status
published
Products (1)
divebook_project/divebook
1.1.4
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026