cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36833,https://securityvulnerability.io/vulnerability/CVE-2020-36833,Authorization Bypass Vulnerability in Indeed's Membership Pro Plugin for WordPress,"The Indeed Membership Pro plugin for WordPress contains a vulnerability that arises from missing capability checks on various AJAX actions. This allows authenticated users, even those with minimal permissions such as subscribers, to execute unauthorized actions. Users may manipulate settings and access sensitive information without the requisite permissions. This exposes sites using the affected plugin to significant security risks, emphasizing the importance of maintaining updated versions and implementing appropriate security measures.",Wordpress,Indeed Membership Pro,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-10-16T06:43:40.797Z,0
CVE-2020-36832,https://securityvulnerability.io/vulnerability/CVE-2020-36832,"Unauthenticated Attackers Can Bypass Authentication and Access Any User Account, Including the Site Administrator with Default ID of 1","The Ultimate Membership Pro plugin for WordPress contains a vulnerability that allows unauthenticated attackers to bypass normal authentication mechanisms. This issue affects versions 7.3 through 8.6 of the plugin. By leveraging this flaw, an attacker can gain unauthorized access to any user account on a site utilizing this plugin, including accounts with administrative privileges. This presents a significant risk, as attackers could manipulate site settings or access sensitive information. Website administrators are advised to implement immediate security measures, including updating to the latest versions of the plugin and reviewing user account activity.",Wordpress,Indeed Membership Pro,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-10-16T06:43:38.406Z,0