CVE-2020-36702

MEDIUM

Ultimate Addons for Gutenberg <1.14.7 - Auth Bypass

Title source: llm
STIX 2.1

Description

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings.

Scores

CVSS v3 5.5
EPSS 0.0042
EPSS Percentile 33.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
brainstormforce/spectra < 1.14.7
brainstormforce/Spectra Gutenberg Blocks – Website Builder for the Block Editor < 1.14.7
Published Jun 07, 2023
Tracked Since Feb 18, 2026