Medium severity6.3NVD Advisory· Published Oct 16, 2024· Updated Jun 17, 2026
CVE-2020-36833
CVE-2020-36833
Description
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=7.3,<=8.6+ 1 more
- (no CPE)range: >=7.3,<=8.6
- (no CPE)range: 7.3 - 8.6
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.