CVE-2020-36753
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation in the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
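The class of check whose absence is described above, as an added example (not the Hueman theme's code): a generic WordPress meta box save handler that verifies a nonce and the user's capability before writing. All `example_*` names and the `_example_layout` meta key are hypothetical, and the snippet assumes it is loaded inside WordPress, for instance from a theme's `functions.php`.

```php
<?php
// Added example: hypothetical meta box handler, not the Hueman theme's code.
// Every example_* name and the _example_layout meta key are assumptions.

// Render the meta box and embed a nonce bound to this action and the
// logged-in user's session. A cross-site page cannot read this value.
function example_render_meta_box( $post ) {
    wp_nonce_field( 'example_save_meta_box', 'example_meta_box_nonce' );
    $value = get_post_meta( $post->ID, '_example_layout', true );
    printf(
        '<input type="text" name="example_layout" value="%s" />',
        esc_attr( $value )
    );
}

function example_register_meta_box() {
    add_meta_box( 'example_layout_box', 'Layout', 'example_render_meta_box', 'post' );
}
add_action( 'add_meta_boxes', 'example_register_meta_box' );

function example_save_meta_box( $post_id ) {
    // 1. Nonce check. Without it, any POST that arrives with the
    //    administrator's cookies is saved, which is the CSRF condition.
    if ( ! isset( $_POST['example_meta_box_nonce'] ) ) {
        return;
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST['example_meta_box_nonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'example_save_meta_box' ) ) {
        return;
    }
    // 2. Autosave requests do not carry the meta box fields; skip them.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    // 3. A nonce proves intent, not authorization; check the capability too.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // 4. Only now sanitize and persist the submitted value.
    if ( isset( $_POST['example_layout'] ) ) {
        $layout = sanitize_text_field( wp_unslash( $_POST['example_layout'] ) );
        update_post_meta( $post_id, '_example_layout', $layout );
    }
}
add_action( 'save_post', 'example_save_meta_box' );
```

When reviewing a theme or plugin for this class of bug, every callback hooked to `save_post` or an admin AJAX action should show steps 1 and 3 before its first write.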
We have discovered 3,753 live websites that are affected by CVE-2020-36753.
Affected Software
| | |
|---|---|
| Product | Hueman |
| Category | WordPress Themes |
| Vulnerable Versions | |
| Total Vulnerable Versions | 196 |
| Vulnerable Domains | 3,753 live websites (22.66% of Hueman install base) |