Lucene search
+L

617 matches found

NVD
NVD
added 2021/01/01 2:15 a.m.15 views

CVE-2020-35936

Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

8CVSS6.7AI score0.01651EPSS
Exploits1References1
OSV
OSV
added 2021/01/01 2:15 a.m.6 views

CVE-2020-35936

Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

8CVSS5.8AI score0.01651EPSS
Exploits1References1
Prion
Prion
added 2021/01/01 2:15 a.m.14 views

Design/Logic Flaw

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...

6CVSS8.7AI score0.02082EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2021/01/01 2:15 a.m.14 views

Cross site scripting

Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

6CVSS6.7AI score0.01651EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2021/01/01 1:25 a.m.33 views

CVE-2020-35938

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...

7.5CVSS8.8AI score0.02082EPSS
Exploits1References1
CVE
CVE
added 2021/01/01 1:25 a.m.86 views

CVE-2020-35938

The CVE concerns the WordPress Post Grid plugin (versions prior to 2.0.73). The vulnerability is a PHP object injection caused by insecure unserialization of data supplied in a remotely hosted crafted payload sent via AJAX, targeting the action parameter post_grid_import_xml_layouts. An authentic...

8.8CVSS8.6AI score0.02082EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2021/01/01 1:25 a.m.17 views

CVE-2020-35936

Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

7.5CVSS6.8AI score0.01651EPSS
Exploits1References1
CVE
CVE
added 2021/01/01 1:25 a.m.79 views

CVE-2020-35936

The CVE-2020-35936 entry concerns WordPress plugins Post Grid (and Team Showcase) with a Stored XSS in Post Grid prior to 2.0.73. The vulnerability arises when an authenticated user can import layouts via AJAX using the action post_grid_import_xml_layouts, allowing JavaScript payloads sourced fro...

8CVSS6.6AI score0.01651EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.8 views

WordPress 注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. A PHP object injection vulnerability exists in the Post Grid plugin for WordPress versions prior to 2.0.73. The vulnerability stems from unsafe deserialization of certain data in parameters. An...

8.8CVSS5.9AI score0.02082EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.6 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Post Grid plugin before 2.0.73 for WordPress, whi...

8CVSS5.6AI score0.01651EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2020/12/15 9:30 p.m.22 views

Easy WP SMTP Security Bug Can Reveal Admin Credentials

Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails via a SMTP server, so that they don’t end up in the...

9AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/10/05 9:11 p.m.215 views

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations. The issues...

10AI score0.26869EPSS
Exploits0References10
WPVulnDB
WPVulnDB
added 2020/10/05 12:0 a.m.25 views

Post Grid < 2.0.73 & Team Showcase < 1.22.16 - PHP Object Injection

Ram Gall from Wordfence discovered an authenticated subscriber+ PHP Object Injection vulnerability in the Post Grid and Team Showcase WordPress plugins...

6CVSS8.8AI score0.02082EPSS
Exploits2References3Affected Software2
Patchstack
Patchstack
added 2020/10/05 12:0 a.m.12 views

WordPress Post Grid plugin <= 2.0.72 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Ramuel Gall Wordfence in WordPress Post Grid plugin versions = 2.0.72. Solution Update the WordPress Post Grid plugin to the latest available version at least 2.0.73...

2.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/10/05 12:0 a.m.10 views

WordPress Post Grid plugin <= 2.0.72 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by Ramuel Gall in WordPress Post Grid plugin versions = 2.0.72. Solution Update the WordPress Post Grid plugin to the latest available version at least 2.0.73...

1.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2016/11/08 12:0 a.m.9 views

WordPress Post Grid Plugin <= 2.0.12 - Arbitrary File Deletion

This plugin is prone to an arbitrary file deletion vulnerability. Solution Update the plugin...

2.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/11/08 12:0 a.m.7 views

Post Grid <= 2.0.12 - Unauthenticated Arbitrary File Deletion

The Post Grid WordPress plugin was affected by an Unauthenticated Arbitrary File Deletion security vulnerability...

3.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder