Description Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. Remediation References CVE-2018-20028 Related Vulnerabilities MySQL CVE-2020-14790 Vulnerability (CVE-2020-14790) WordPress Plugin Logo Showcase with Slick Slider-Logo Carousel, Logo Slider & Logo Grid Cross-Site Scripting (1.2.3) WordPress Plugin 10Web Social Post Feed Unspecified Vulnerability (1.1.26) WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0) WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5205) Severity Medium Classification CVE-2018-20028 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Tags Missing Update Known Vulnerabilities