Description
WordPress Plugin CiviCRM is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently read private data from the database. WordPress Plugin CiviCRM version 5.35.1 is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 5.36.1, 5.35.2, 5.33.5 ESR, or the latest release.
Related Vulnerabilities
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)
PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)
Oracle Database Server CVE-2006-5333 Vulnerability (CVE-2006-5333)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3732)