Description
WordPress Plugin CiviCRM is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently read private data from the database. WordPress Plugin CiviCRM version 5.35.1 is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 5.36.1, 5.35.2, 5.33.5 ESR, or the latest release.
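An added example, not part of the original advisory or of CiviCRM's own code: a branch-aware check of installed plugin versions against the fixed releases named in the remediation. It assumes the version is read from the standard WordPress plugin header, that 5.36.0 is affected, and that branches after 5.36 carry the fix; the function names and sample headers are constructed for illustration.

```python
import re

# Fixed releases named in the remediation, as {(major, minor): first fixed patch}.
FIXED = {(5, 36): 1, (5, 35): 2, (5, 33): 5}  # 5.33 is the ESR branch
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)
VERSION = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?")


def header_version(plugin_php_text):
    """Return the 'Version:' value from a WordPress plugin header comment."""
    match = HEADER_VERSION.search(plugin_php_text)
    if match is None:
        raise ValueError("no Version: header found")
    return match.group(1)


def classify(version_text):
    """Return 'patched' or 'vulnerable' for one CiviCRM version string."""
    match = VERSION.match(version_text.strip())
    if match is None:
        raise ValueError(f"unrecognised version: {version_text!r}")
    # A missing or non-numeric third component counts as patch level 0.
    major, minor, patch = (int(part or 0) for part in match.groups())
    branch = (major, minor)
    if branch > max(FIXED):
        return "patched"  # assumption: branches after 5.36 include the fix
    if branch in FIXED and patch >= FIXED[branch]:
        return "patched"
    # Unfixed release, or a branch with no fixed release listed (e.g. 5.34.x).
    return "vulnerable"


def audit(headers_by_site):
    """Map each site name to (version, status) from its plugin header text."""
    report = {}
    for site, text in headers_by_site.items():
        version = header_version(text)
        report[site] = (version, classify(version))
    return report


# Constructed sample headers (not taken from real installations).
SAMPLE = {
    "intranet": "<?php\n/*\nPlugin Name: CiviCRM\nVersion: 5.35.1\n*/\n",
    "donations": "<?php\n/*\n * Plugin Name: CiviCRM\n * Version: 5.33.5\n */\n",
    "events": "<?php\n/*\nPlugin Name: CiviCRM\nVersion: 5.36.0\n*/\n",
}
if __name__ == "__main__":
    for site, (version, status) in audit(SAMPLE).items():
        print(f"{site}: {version} -> {status}")
```

Installations on a branch with no fixed release, such as 5.34.x, are reported as vulnerable and need to move to one of the fixed versions.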