Description
WordPress Plugin CiviCRM is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently read private data from the database. WordPress Plugin CiviCRM version 5.35.1 is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 5.36.1, 5.35.2, 5.33.5 ESR, or the latest release.