CVE-2020-36700

Name of the Vulnerable Software and Affected Versions The Page Builder: KingComposer plugin for WordPress versions up to, and including, 2.9.3

Description The issue is related to authorization bypass due to a security nonce being leaked in the '/wp-admin/index.php' page. This allows authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content.

Recommendations For versions up to, and including, 2.9.3, update to a version higher than 2.9.3 to resolve the issue. As a temporary workaround, consider restricting access to the '/wp-admin/index.php' page to minimize the risk of exploitation.