PT-2023-11833 · E Plugins · Doctor-Listing+9

Omar Badran · Published 2023-03-27 · Updated 2023-04-03 · CVE-2020-36666

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

directory-pro WordPress plugin versions prior to 1.9.5
final-user-wp-frontend-user-profiles WordPress plugin versions prior to 1.2.2
photographer-directory WordPress plugin versions prior to 1.0.9
real-estate-pro WordPress plugin versions prior to 1.7.1
institutions-directory WordPress plugin versions prior to 1.3.1
lawyer-directory WordPress plugin versions prior to 1.2.9
doctor-listing WordPress plugin versions prior to 1.3.6
Hotel Listing WordPress plugin versions prior to 1.3.7
fitness-trainer WordPress plugin versions prior to 1.4.1
wp-membership WordPress plugin versions prior to 1.5.7

Description

The issue concerns several WordPress plugins developed by e-plugins, which fail to implement security measures in certain AJAX calls. Specifically, the iv_directories_update_profile_setting() function in the plugin.php file uses update_user_meta with data provided by the AJAX call, allowing an attacker to grant admin capabilities to a logged-in user. This is particularly problematic since these plugins allow user registration via custom forms, even if the blog does not permit user registration, thereby making any site using these plugins vulnerable.

Recommendations

For directory-pro WordPress plugin version prior to 1.9.5, update to version 1.9.5 or later.
For final-user-wp-frontend-user-profiles WordPress plugin version prior to 1.2.2, update to version 1.2.2 or later.
For photographer-directory WordPress plugin version prior to 1.0.9, update to version 1.0.9 or later.
For real-estate-pro WordPress plugin version prior to 1.7.1, update to version 1.7.1 or later.
For institutions-directory WordPress plugin version prior to 1.3.1, update to version 1.3.1 or later.
For lawyer-directory WordPress plugin version prior to 1.2.9, update to version 1.2.9 or later.
For doctor-listing WordPress plugin version prior to 1.3.6, update to version 1.3.6 or later.
For Hotel Listing WordPress plugin version prior to 1.3.7, update to version 1.3.7 or later.
For fitness-trainer WordPress plugin version prior to 1.4.1, update to version 1.4.1 or later.
For wp-membership WordPress plugin version prior to 1.5.7, update to version 1.5.7 or later.
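
For plugin authors and reviewers, the kind of checks the description says are absent, as an added example that is not code from the affected plugins or their fixed versions: a profile-update AJAX handler that verifies a nonce, acts only on the caller's own account, and writes only allowlisted meta keys. The example_ names, the fields and nonce request parameters, and the allowlist contents are assumptions made for illustration.

```php
<?php
// Added example: hardened profile-update AJAX handler for a WordPress plugin.
// Every name prefixed "example_" is hypothetical, not from the affected plugins.

// Only these profile fields may be written. WordPress also keeps roles and
// capabilities in user meta, so request-supplied keys must never be trusted.
const EXAMPLE_ALLOWED_PROFILE_KEYS = array( 'first_name', 'last_name', 'description', 'example_phone' );

// Registered for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_example_update_profile', 'example_update_profile' );

// Keep allowlisted scalar fields, sanitized; drop everything else silently.
function example_filter_profile_fields( array $submitted ) {
    $clean = array();
    foreach ( EXAMPLE_ALLOWED_PROFILE_KEYS as $key ) {
        if ( isset( $submitted[ $key ] ) && is_scalar( $submitted[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( wp_unslash( $submitted[ $key ] ) );
        }
    }
    return $clean;
}

function example_update_profile() {
    // 1. CSRF: requires a nonce issued with wp_create_nonce( 'example_update_profile' ).
    //    check_ajax_referer() terminates the request when the nonce is invalid.
    check_ajax_referer( 'example_update_profile', 'nonce' );

    // 2. Authorization: the target is always the caller's own account,
    //    never a user ID taken from the request.
    $user_id = get_current_user_id();
    if ( ! $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Input: only allowlisted keys reach update_user_meta().
    $fields = isset( $_POST['fields'] ) && is_array( $_POST['fields'] ) ? $_POST['fields'] : array();
    foreach ( example_filter_profile_fields( $fields ) as $key => $value ) {
        update_user_meta( $user_id, $key, $value );
    }
    wp_send_json_success();
}
```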

Related Identifiers

CVE-2020-36666

Affected Products

Hotel Listing
Directory-Pro
Doctor-Listing
Final-User-Wp-Frontend-User-Profiles
Fitness-Trainer
Institutions-Directory
Lawyer-Directory
Photographer-Directory
Real-Estate-Pro
Wp Membership