Vulnerabilities > CVE-2020-14205 - Missing Authorization vulnerability in Divebook Project Divebook 1.1.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

divebook-project

CWE-862

NVD

Published: 2020-12-08

Updated: 2020-12-10

Summary

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.

Vulnerable Configurations

Part	Description	Count
Application	Divebook_Project Divebook Project Divebook 1.1.4	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wordpress.org/plugins/divebook/#developers
https://www.hooperlabs.xyz/disclosures/divebook.php