Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation

Incorrect Privilege Assignment
CVE CVE-2020-36666
CVSS High (8.8)
Publicly Published March 6, 2023
Last Updated January 22, 2024
Researcher Omar Badran
Description

Multiple plugins by the vendor E-plugins are vulnerable to privilege escalation due to insufficient restriction on several functions called via AJAX actions that set a user's role based on supplied role information. This makes it possible authenticated, subscriber-level and above attackers to elevate their privileges to that of an administrator.

References

11 affected software package

Software Type Plugin
Software Slug hotel-listing (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.3.7
Patched Version
  • 1.3.7
Software Type Plugin
Software Slug directory-pro (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.9.5
Patched Version
  • 1.9.5
Software Type Plugin
Software Slug photographer-directory (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.0.9
Patched Version
  • 1.0.9
Software Type Plugin
Software Slug lawyer-directory (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.2.9
Patched Version
  • 1.2.9
Software Type Plugin
Software Slug real-estate-pro (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.7.1
Patched Version
  • 1.7.1
Software Type Plugin
Software Slug institutions-directory (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.3.1
Patched Version
  • 1.3.1
Software Type Plugin
Software Slug fitness-trainer (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.4.1
Patched Version
  • 1.4.1
Software Type Plugin
Software Slug doctor-listing (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.3.6
Patched Version
  • 1.3.6
Software Type Plugin
Software Slug wp-membership (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.5.7
Patched Version
  • 1.5.7
Software Type Plugin
Software Slug producer-retailer (view on wordpress.org)
Patched? No
Affected Version
  • <= *
Patched Version
Software Type Plugin
Software Slug final-user-wp-frontend-user-profiles (view on wordpress.org)
Patched? Yes
Affected Version
  • <= 1.2.2
Patched Version
  • 1.2.2
This record contains material that is subject to copyright

Copyright 2012-2026 Defiant Inc.
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. License Detail.