88 matches found
CVE-2020-35936
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
Cross site scripting
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
Design/Logic Flaw
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...
CVE-2020-35938
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...
CVE-2020-35938
The CVE concerns the WordPress Post Grid plugin (versions prior to 2.0.73). The vulnerability is a PHP object injection caused by insecure unserialization of data supplied in a remotely hosted crafted payload sent via AJAX, targeting the action parameter post_grid_import_xml_layouts. An authentic...
CVE-2020-35936
The CVE-2020-35936 entry concerns WordPress plugins Post Grid (and Team Showcase) with a Stored XSS in Post Grid prior to 2.0.73. The vulnerability arises when an authenticated user can import layouts via AJAX using the action post_grid_import_xml_layouts, allowing JavaScript payloads sourced fro...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Post Grid plugin before 2.0.73 for WordPress, whi...
WordPress 注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. A PHP object injection vulnerability exists in the Post Grid plugin for WordPress versions prior to 2.0.73. The vulnerability stems from unsafe deserialization of certain data in parameters. An...