Lucene search
K

88 matches found

NVD
NVD
added 2021/01/01 2:15 a.m.14 views

CVE-2020-35936

Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

8CVSS6.7AI score0.01651EPSS
Exploits1References1
Prion
Prion
added 2021/01/01 2:15 a.m.13 views

Cross site scripting

Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

6CVSS6.7AI score0.01651EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2021/01/01 2:15 a.m.14 views

Design/Logic Flaw

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...

6CVSS8.7AI score0.02082EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2021/01/01 1:25 a.m.33 views

CVE-2020-35938

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...

7.5CVSS8.8AI score0.02082EPSS
Exploits1References1
CVE
CVE
added 2021/01/01 1:25 a.m.86 views

CVE-2020-35938

The CVE concerns the WordPress Post Grid plugin (versions prior to 2.0.73). The vulnerability is a PHP object injection caused by insecure unserialization of data supplied in a remotely hosted crafted payload sent via AJAX, targeting the action parameter post_grid_import_xml_layouts. An authentic...

8.8CVSS8.6AI score0.02082EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2021/01/01 1:25 a.m.79 views

CVE-2020-35936

The CVE-2020-35936 entry concerns WordPress plugins Post Grid (and Team Showcase) with a Stored XSS in Post Grid prior to 2.0.73. The vulnerability arises when an authenticated user can import layouts via AJAX using the action post_grid_import_xml_layouts, allowing JavaScript payloads sourced fro...

8CVSS6.6AI score0.01651EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.6 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Post Grid plugin before 2.0.73 for WordPress, whi...

8CVSS5.6AI score0.01651EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.7 views

WordPress 注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. A PHP object injection vulnerability exists in the Post Grid plugin for WordPress versions prior to 2.0.73. The vulnerability stems from unsafe deserialization of certain data in parameters. An...

8.8CVSS5.9AI score0.02082EPSS
Exploits1References2
Rows per page
Query Builder