wpvulndb, Chloe Chamberland, WPVDB-ID:6DE420D5-C1E6-40E4-AB30-DA0E974716B5
May 11, 2020 - 12:00 a.m.

Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site Scripting (XSS)

wpscan.com

EPSS: 0.001 (Percentile: 44.3%)

Flaws in the live editor and action_builder_content functions of the plugin “allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link or an attachment, for the attack to succeed.”

PoC

Live Editor (will add new administrative user): action_builder_content:
