Vulnerabilities > CVE-2020-14205 - Missing Authorization vulnerability in Divebook Project Divebook 1.1.4

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
divebook-project
CWE-862

Summary

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.

Vulnerable Configurations

Part Description Count
Application
Divebook_Project
1

Common Weakness Enumeration (CWE)