| 197731 | 7.5 | HIGH | Network | loopring | loopring | The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation. | NVD-CWE-noinfo | CVE-2020-35962 | 2024-11-21 14:28 | 2021-01-3 |
| 197732 | 6.5 | MEDIUM | Network | php-fusion | php-fusion | login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect user… | NVD-CWE-noinfo | CVE-2020-35952 | 2024-11-21 14:28 | 2021-01-3 |
| 197733 | 9.9 | CRITICAL | Network | expresstech | quiz_and_survey_master | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offl… | CWE-306 Missing Authentication for Critical Function | CVE-2020-35951 | 2024-11-21 14:28 | 2021-01-1 |
| 197734 | 8.8 | HIGH | Network | xcloner | xcloner | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). | CWE-352 Origin Validation Error | CVE-2020-35950 | 2024-11-21 14:28 | 2021-01-1 |
| 197735 | 9.8 | CRITICAL | Network | expresstech | quiz_and_survey_master | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution.… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-35949 | 2024-11-21 14:28 | 2021-01-1 |
| 197736 | 8.8 | HIGH | Network | xcloner | xcloner | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so woul… | CWE-863 Incorrect Authorization | CVE-2020-35948 | 2024-11-21 14:28 | 2021-01-1 |
| 197737 | 7.4 | HIGH | Network | pagelayer | pagelayer | An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authentic… | CWE-79 Cross-site Scripting | CVE-2020-35947 | 2024-11-21 14:28 | 2021-01-1 |
| 197738 | 5.4 | MEDIUM | Network | semperplugins | all_in_one_seo_pack | An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XS… | CWE-79 Cross-site Scripting | CVE-2020-35946 | 2024-11-21 14:28 | 2021-01-1 |
| 197739 | 8.8 | HIGH | Network | elegant_themes | divi_extra divi_builder divi | An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbi… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-35945 | 2024-11-21 14:28 | 2021-01-1 |
| 197740 | 8.8 | HIGH | Network | pagelayer | pagelayer | An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. | CWE-352 Origin Validation Error, CWE-79 Cross-site Scripting | CVE-2020-35944 | 2024-11-21 14:28 | 2021-01-1 |