A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin on WordPress (WordPress Plugin) (the affected version is unknown). Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was presented 12/24/2022 as 173. The advisory is available at github.com. This vulnerability is traded as CVE-2020-36626. Successful exploitation requires user interaction by the victim. Technical details and a public exploit are known. This vulnerability is assigned to T1505 by the MITRE ATT&CK project.

The exploit is shared for download at github.com. It is declared as proof-of-concept. By approaching the search of inurl:ModularContent/SearchFilter.php it is possible to find vulnerable targets with Google Hacking.

Applying the patch 4528d4f855dbbf24e9fc12a162fda84ce3bedc2f is able to eliminate this problem. The bugfix is ready for download at github.com.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• WordPress Plugin

Vendor

• Modern Tribe

Name

• Panel Builder Plugin

License

• open-source

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion