CVE-2020-37007 MEDIUM

CVE-2020-37007: Liman 0.7 - Cross-Site Request Forgery (Change Password)

Vendor Salihciftci

Product Liman

Weakness CWE-352 · CSRF

Published January 29, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unauthorized requests.

Key dates

02Disclosure timeline

January 29, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37007 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-22328 WordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerability CVE-2024-51484 Insufficient Validation in Controllers (Activation/Deactivation) in Ampache CVE-2024-32141 WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-22590 WordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerability CVE-2026-4118 Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update