CVE-2020-13642

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...

WordPress SiteOrigin Page Builder Cross-Site Request Forgery Vulnerability (CNVD-2020-31282)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.SiteOrigin Page Builder is a page builder plugin used in it. A cross-site request forgery vulnerability exists in...