E Plugins · Doctor-Listing · CVE-2020-36666
**Name of the Vulnerable Software and Affected Versions**
directory-pro WordPress plugin versions prior to 1.9.5
final-user-wp-frontend-user-profiles WordPress plugin versions prior to 1.2.2
photographer-directory WordPress plugin versions prior to 1.0.9
real-estate-pro WordPress plugin versions prior to 1.7.1
institutions-directory WordPress plugin versions prior to 1.3.1
lawyer-directory WordPress plugin versions prior to 1.2.9
doctor-listing WordPress plugin versions prior to 1.3.6
Hotel Listing WordPress plugin versions prior to 1.3.7
fitness-trainer WordPress plugin versions prior to 1.4.1
wp-membership WordPress plugin versions prior to 1.5.7
**Description**
The issue concerns several WordPress plugins developed by e-plugins, which fail to implement security measures in certain AJAX calls. Specifically, the `iv_directories_update_profile_setting()` function in the `plugin.php` file uses `update_user_meta` with data provided by the AJAX call, allowing an attacker to grant admin capabilities to a logged-in user. This is particularly problematic since these plugins allow user registration via custom forms, even if the blog does not permit user registration, thereby making any site using these plugins vulnerable.
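For plugin authors reviewing similar profile-update handlers, the following added example (not the e-plugins code and not the vendor's patch) shows a hardened pattern: verify a nonce, act only on the session's own user ID, and write only allowlisted meta keys. Every `example_` name, the nonce action, the `nonce` field and the allowlisted keys are assumptions made for illustration.

```php
<?php
// Added example: hardened AJAX profile update. All example_* names are hypothetical.

// Meta keys a user may edit on their own profile (assumed field set).
const EXAMPLE_PROFILE_KEYS = ['first_name', 'last_name', 'description'];

/**
 * Keep only allowlisted, scalar fields from request data.
 * Any other key in the request is dropped and never reaches the database.
 */
function example_filter_profile_fields(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $key) {
        if (isset($input[$key]) && is_scalar($input[$key])) {
            $clean[$key] = trim((string) $input[$key]);
        }
    }
    return $clean;
}

// AJAX handler: nonce check, login check, then allowlisted writes only.
function example_update_profile_setting(): void
{
    // Terminates the request if the nonce is missing or invalid.
    check_ajax_referer('example_profile_update', 'nonce');
    if (!is_user_logged_in()) {
        wp_send_json_error('not logged in', 403);
    }
    $user_id = get_current_user_id(); // taken from the session, never from the request
    $fields  = example_filter_profile_fields(wp_unslash($_POST), EXAMPLE_PROFILE_KEYS);
    foreach ($fields as $key => $value) {
        update_user_meta($user_id, $key, sanitize_text_field($value));
    }
    wp_send_json_success(array_keys($fields));
}

if (function_exists('add_action')) {
    // Inside WordPress: register for logged-in users only (no wp_ajax_nopriv_ hook).
    add_action('wp_ajax_example_update_profile', 'example_update_profile_setting');
} else {
    // Stand-alone run (php CLI) on a constructed request containing one
    // non-allowlisted key and one non-scalar value.
    $request = ['first_name' => ' Ada ', 'some_other_key' => 'x', 'description' => ['a']];
    var_dump(example_filter_profile_fields($request, EXAMPLE_PROFILE_KEYS));
}
```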
**Recommendations**
For directory-pro WordPress plugin version prior to 1.9.5, update to version 1.9.5 or later.
For final-user-wp-frontend-user-profiles WordPress plugin version prior to 1.2.2, update to version 1.2.2 or later.
For photographer-directory WordPress plugin version prior to 1.0.9, update to version 1.0.9 or later.
For real-estate-pro WordPress plugin version prior to 1.7.1, update to version 1.7.1 or later.
For institutions-directory WordPress plugin version prior to 1.3.1, update to version 1.3.1 or later.
For lawyer-directory WordPress plugin version prior to 1.2.9, update to version 1.2.9 or later.
For doctor-listing WordPress plugin version prior to 1.3.6, update to version 1.3.6 or later.
For Hotel Listing WordPress plugin version prior to 1.3.7, update to version 1.3.7 or later.
For fitness-trainer WordPress plugin version prior to 1.4.1, update to version 1.4.1 or later.
For wp-membership WordPress plugin version prior to 1.5.7, update to version 1.5.7 or later.