PT-2020-13025 · WordPress · Responsive Addons

Published: 2020-04-23 · Updated: 2020-04-28 · CVE-2020-12073

CVSS v3.1: 9.1 (Critical)

Vector: AC:L/AV:N/A:L/C:L/I:H/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions: responsive-add-ons plugin versions prior to 2.2.7 for WordPress

Description: The issue concerns incorrect access control for wp-admin/admin-ajax.php?action= requests. This affects the responsive-add-ons plugin for WordPress, allowing unauthorized access.

Recommendations: For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/admin-ajax.php endpoint until the update is applied.

Related Identifiers

CVE-2020-12073

Affected Products

Responsive Addons