4 matches found
CVE-2020-35939
CVE-2020-35939 affects the Team Showcase plugin for WordPress (in the related Post Grid/Team Showcase context): PHP object injection via insecure unserialization in the source parameter over AJAX when action=team_import_xml_layouts. It requires authentication (remote authenticated attacker) and ...
CVE-2020-35938
CVE-2020-35938 concerns the WordPress Post Grid plugin (versions prior to 2.0.73). The vulnerability is a PHP object injection caused by insecure unserialization of data supplied in a remotely hosted crafted payload sent via AJAX, targeting the action parameter post_grid_import_xml_layouts. An authentic...
CVE-2020-35937
CVE-2020-35937 affects the WordPress Post Grid/Team Showcase plugin: stored XSS in Team Showcase before 1.22.16 via AJAX import of layouts (team_import_xml_layouts) where the source parameter can carry crafted JavaScript. Requires authenticated access; impact is partial confidentiality/integrity/...
CVE-2020-35936
CVE-2020-35936 concerns the WordPress plugins Post Grid (and Team Showcase): a stored XSS in Post Grid prior to 2.0.73. The vulnerability arises when an authenticated user can import layouts via AJAX using the action post_grid_import_xml_layouts, allowing JavaScript payloads sourced fro...