PT-2025-40063 · WordPress · Custom Searchable Data Entry System

Sean Murphy · Published 2025-10-01 · Updated 2025-10-06 · CVE-2020-36852

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Custom Searchable Data Entry System plugin for WordPress versions up to and including 1.7.1

Description

The Custom Searchable Data Entry System plugin for WordPress is susceptible to unauthenticated database wiping. This is due to a missing capability check and insufficient validation within the ghazale_sds_delete_entries_table_row() function. This allows unauthenticated attackers to completely wipe database tables, such as wp_users.

Recommendations

Update the Custom Searchable Data Entry System plugin for WordPress to a version newer than 1.7.1.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-36852

Affected Products

Custom Searchable Data Entry System