Improper Access Control in DiveBook Plugin 1.1.4 for WordPress Allows Unauthorized Manipulation of Dive Logs

Improper Access Control in DiveBook Plugin 1.1.4 for WordPress Allows Unauthorized Manipulation of Dive Logs

CVE-2020-14205 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.

Learn more about our Wordpress Pen Testing.