Description

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Remediation

References

CVE-2020-13676

Related Vulnerabilities

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Cross-Site Scripting (4.19.3)

Nginx CVE-2023-27729 Vulnerability (CVE-2023-27729)

MySQL CVE-2012-0495 Vulnerability (CVE-2012-0495)

WordPress Plugin Thank You Counter Button Cross-Site Scripting (1.8.2)

WordPress Plugin Contact Form-Form builder with drag & drop for WordPress by Kali Forms Security Bypass (2.1.1)

Severity

Medium

Classification

CVE-2020-13676 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities