617 matches found
CVE-2020-35936
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
CVE-2020-35936
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
Design/Logic Flaw
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...
Cross site scripting
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
CVE-2020-35938
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...
CVE-2020-35938
The CVE concerns the WordPress Post Grid plugin (versions prior to 2.0.73). The vulnerability is a PHP object injection caused by insecure unserialization of data supplied in a remotely hosted crafted payload sent via AJAX, targeting the action parameter post_grid_import_xml_layouts. An authentic...
CVE-2020-35936
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
CVE-2020-35936
The CVE-2020-35936 entry concerns WordPress plugins Post Grid (and Team Showcase) with a Stored XSS in Post Grid prior to 2.0.73. The vulnerability arises when an authenticated user can import layouts via AJAX using the action post_grid_import_xml_layouts, allowing JavaScript payloads sourced fro...
WordPress 注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. A PHP object injection vulnerability exists in the Post Grid plugin for WordPress versions prior to 2.0.73. The vulnerability stems from unsafe deserialization of certain data in parameters. An...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Post Grid plugin before 2.0.73 for WordPress, whi...
Easy WP SMTP Security Bug Can Reveal Admin Credentials
Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails via a SMTP server, so that they don’t end up in the...
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations. The issues...
Post Grid < 2.0.73 & Team Showcase < 1.22.16 - PHP Object Injection
Ram Gall from Wordfence discovered an authenticated subscriber+ PHP Object Injection vulnerability in the Post Grid and Team Showcase WordPress plugins...
WordPress Post Grid plugin <= 2.0.72 - PHP Object Injection vulnerability
PHP Object Injection vulnerability found by Ramuel Gall Wordfence in WordPress Post Grid plugin versions = 2.0.72. Solution Update the WordPress Post Grid plugin to the latest available version at least 2.0.73...
WordPress Post Grid plugin <= 2.0.72 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found by Ramuel Gall in WordPress Post Grid plugin versions = 2.0.72. Solution Update the WordPress Post Grid plugin to the latest available version at least 2.0.73...
WordPress Post Grid Plugin <= 2.0.12 - Arbitrary File Deletion
This plugin is prone to an arbitrary file deletion vulnerability. Solution Update the plugin...
Post Grid <= 2.0.12 - Unauthenticated Arbitrary File Deletion
The Post Grid WordPress plugin was affected by an Unauthenticated Arbitrary File Deletion security vulnerability...