3 matches found
CVE-2020-35938
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...
CVE-2020-35938
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...
CVE-2020-35938
The CVE concerns the WordPress Post Grid plugin (versions prior to 2.0.73). The vulnerability is a PHP object injection caused by insecure unserialization of data supplied in a remotely hosted crafted payload sent via AJAX, targeting the action parameter post_grid_import_xml_layouts. An authentic...