CVE-2020-12076 CRITICAL

CVE-2020-12076

Vendor N/A
Product n/a
Published April 23, 2020
Last update August 4, 2024

CVSS base score

9.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R

What the vulnerability does

01Description

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.

Key dates

02Disclosure timeline

April 23, 2020 CVE published
August 4, 2024 Record updated