CVE-2020-36668 Information

Description

The JetBackup – WP Backup Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to and including 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers and above to invoke the function and obtain database table information.

Reference

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/3e2a9d71-21ef-45a1-99ed-477066ce9620