{"vulnerability": "CVE-2020-3675", "sightings": [{"uuid": "dade1758-f018-4d6e-8677-0fe536026011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36759", "type": "seen", "source": "https://t.me/cibsecurity/72657", "content": "\u203c CVE-2020-36759 \u203c\n\nThe Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-20T12:35:14.000000Z"}, {"uuid": "7c78a073-0a88-4202-ae27-0a85de8deb74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36758", "type": "seen", "source": "https://t.me/cibsecurity/72650", "content": "\u203c CVE-2020-36758 \u203c\n\nThe RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-20T12:35:07.000000Z"}, {"uuid": "7deb2095-7140-4047-9457-dbe126660747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36756", "type": "seen", "source": "https://t.me/cibsecurity/66500", "content": "\u203c CVE-2020-36756 \u203c\n\nThe 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the create_csv_file() function. This makes it possible for unauthenticated attackers to create a CSV file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:41:50.000000Z"}, {"uuid": "ceae2576-5cae-401f-905f-0391308a5381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36757", "type": "seen", "source": "https://t.me/cibsecurity/66480", "content": "\u203c CVE-2020-36757 \u203c\n\nThe WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the admin_add_order_item() function. This makes it possible for unauthenticated attackers to add an order item via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:35:48.000000Z"}]}