This article provides insights into CVE-2020-36668, a vulnerability in the JetBackup - WP Backup, Migrate & Restore plugin for WordPress.
Understanding CVE-2020-36668
The JetBackup - WP Backup, Migrate & Restore plugin for WordPress is susceptible to sensitive information disclosure due to a lack of proper capability checking.
What is CVE-2020-36668?
The vulnerability in the JetBackup - WP Backup, Migrate & Restore plugin allows subscriber-level attackers and above to access database table information.
The Impact of CVE-2020-36668
The vulnerability can lead to sensitive data exposure, potentially compromising the security and confidentiality of WordPress websites.
Technical Details of CVE-2020-36668
The following technical details outline the specifics of CVE-2020-36668:
Vulnerability Description
The issue arises from inadequate capability checking on the backup_guard_get_manual_modal function called via an AJAX action.
Affected Systems and Versions
Exploitation Mechanism
Attackers with subscriber-level access or higher can exploit this vulnerability to invoke the function and retrieve database table information.
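The missing-check pattern described above, next to a hardened form, as an added example that is not the JetBackup plugin's code or its actual patch. The handler names, the AJAX action, the nonce action and the choice of the manage_options capability are all assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example AJAX capability check (constructed for illustration)
 */

// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// Registering a handler on this hook does not restrict who may call it;
// the handler has to enforce authorization itself.
add_action( 'wp_ajax_example_tables_modal', 'example_tables_modal_checked' );

// Hypothetical helper returning the kind of data the advisory says was
// exposed: the names of the site's database tables.
function example_list_tables() {
    global $wpdb;
    return $wpdb->get_col( 'SHOW TABLES' );
}

// Pattern the advisory describes: the handler answers every authenticated
// caller. Shown for contrast only and deliberately not registered above.
function example_tables_modal_unchecked() {
    wp_send_json_success( array( 'tables' => example_list_tables() ) );
}

// Hardened form: verify the request origin, then the caller's capability.
function example_tables_modal_checked() {
    // A nonce only protects against cross-site request forgery. It is not
    // an authorization check, because any user who can load a page that
    // prints the nonce can replay it.
    if ( ! check_ajax_referer( 'example_tables_modal', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // The capability check is what keeps subscriber-level accounts out.
    // manage_options is an assumed choice; use the capability that matches
    // who is allowed to run backups on the site.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    wp_send_json_success( array( 'tables' => example_list_tables() ) );
}
```

When reviewing a plugin for this class of bug, list every wp_ajax_ registration and confirm that each handler reaches a current_user_can() call before it touches data.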
Mitigation and Prevention
Protect your WordPress site from CVE-2020-36668 with the following measures:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates