How severe is CVE-2020-36875?

The severity of CVE-2020-36875 has not been assessed with CVSS v3.

CVE-2020-36875

NONE

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP cod

Опубликовано: 1/9/2026Обновлено: 1/13/2026

Описание

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web server process, resulting in remote code execution.

ИИ-АнализНа базе ИИ

Ссылки

https://accessally.com/software-release/accessally-3-3-2/
https://wpscan.com/vulnerability/c644de6d-098d-4889-b75d-53fd2b89ff4d/
https://www.vulncheck.com/advisories/accessally-unauthenticated-arbitrary-php-code-execution
https://wpscan.com/vulnerability/c644de6d-098d-4889-b75d-53fd2b89ff4d/