CVE-2020-37079 MEDIUM

CVE-2020-37079: Wing FTP Server < 6.2.7 - Cross-site Request Forgery

Vendor Wing Ftp Server

Product Wing FTP Server

Weakness CWE-352 · CSRF

Published February 6, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.

Key dates

02Disclosure timeline

February 6, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37079 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-25135 WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability CVE-2023-37891 WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-30535 WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2025-62871 WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability