2 matches found
CVE-2020-13643
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...
CVE-2020-13643
CVE-2020-13643 affects the WordPress plugin SiteOrigin Page Builder (before 2.10.16). The root cause is the live editor feature not performing nonce verification, allowing forged requests on behalf of an administrator. The vulnerable vector centers on the live_editor_panels_data in $_POST, which ...