|
197911
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase post_grid
|
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data s…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35938
|
2024-11-21 14:28 |
2021-01-1 |
|
197912
|
8.0 |
HIGH
Network
|
pickplugins
|
team_showcase post_grid
|
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a r…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35937
|
2024-11-21 14:28 |
2021-01-1 |
|
197913
|
8.0 |
HIGH
Network
|
pickplugins
|
team_showcase post_grid
|
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remote…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35936
|
2024-11-21 14:28 |
2021-01-1 |
|
197914
|
8.8 |
HIGH
Network
|
vasyltech
|
advanced_access_manager
|
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism …
|
NVD-CWE-noinfo
|
CVE-2020-35935
|
2024-11-21 14:28 |
2021-01-1 |
|
197915
|
4.3 |
MEDIUM
Network
|
vasyltech
|
advanced_access_manager
|
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). Th…
|
CWE-200
Information Exposure
|
CVE-2020-35934
|
2024-11-21 14:28 |
2021-01-1 |
|
197916
|
6.5 |
MEDIUM
Network
|
thenewsletterplugin
|
newsletter
|
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX req…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35933
|
2024-11-21 14:28 |
2021-01-1 |
|
197917
|
8.8 |
HIGH
Network
|
tribulant
|
newsletter
|
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35932
|
2024-11-21 14:28 |
2021-01-1 |
|
197918
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader phantompdf
|
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-35931
|
2024-11-21 14:28 |
2021-01-1 |
|
197919
|
5.4 |
MEDIUM
Network
|
seopanel
|
seo_panel
|
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35930
|
2024-11-21 14:28 |
2021-01-1 |
|
197920
|
4.7 |
MEDIUM
Local
|
atom_project
|
atom
|
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race.
|
CWE-362
Race Condition
|
CVE-2020-35897
|
2024-11-21 14:28 |
2020-12-31 |