Description

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Remediation

References

CVE-2020-13676

Related Vulnerabilities

MySQL CVE-2017-3464 Vulnerability (CVE-2017-3464)

WordPress Plugin AllWebMenus WordPress Menu 'abspath' Parameter Remote File Include (1.1.3)

ReviveAdserver Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7371)

WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)

RubyGems Origin Validation Error Vulnerability (CVE-2017-0902)

Severity

Medium

Classification

CVE-2020-13676 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities