CVE-2020-36761

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jul 12, 2023

Updated: Nov 7, 2023

Summary

CVE-2020-36761: The Top 10 plugin for WordPress, used by over 1 million websites, has been identified as having a Cross-Site Request Forgery (CSRF) vulnerability. This issue affects versions up to 2.10.4 and stems from insufficient nonce validation on the tptn_export_tables() function. As a result, unauthenticated attackers can manipulate administrators into executing a malicious export request, potentially jeopardizing sensitive information on affected websites.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r9V7xm
https://www.cve.org/CVERecord?id=CVE-2020-36761
https://nvd.nist.gov/vuln/detail/CVE-2020-36761

Back to Vulnerability Database

CVE-2020-36761

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations