|
198101
|
8.8 |
HIGH
Network
|
xcloner
|
xcloner
|
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so woul…
|
CWE-863
Incorrect Authorization
|
CVE-2020-35948
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198102
|
7.4 |
HIGH
Network
|
pagelayer
|
pagelayer
|
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authentic…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35947
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198103
|
5.4 |
MEDIUM
Network
|
semperplugins
|
all_in_one_seo_pack
|
An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XS…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35946
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198104
|
8.8 |
HIGH
Network
|
elegant_themes
|
divi_extra
divi_builder
divi
|
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35945
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198105
|
8.8 |
HIGH
Network
|
pagelayer
|
pagelayer
|
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2020-35944
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198106
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of d…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35939
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198107
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data s…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35938
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198108
|
8.0 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a r…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35937
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198109
|
8.0 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remote…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35936
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198110
|
8.8 |
HIGH
Network
|
vasyltech
|
advanced_access_manager
|
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism …
|
NVD-CWE-noinfo
|
CVE-2020-35935
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
