Description
WordPress Plugin CiviCRM is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently read private data from the database. WordPress Plugin CiviCRM version 5.35.1 is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 5.36.1, 5.35.2, 5.33.5 ESR, or the latest release.