|
201131
|
6.5 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect user…
|
NVD-CWE-noinfo
|
CVE-2020-35952
|
2024-11-21 14:28 |
2021-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201132
|
9.9 |
CRITICAL
Network
|
expresstech
|
quiz_and_survey_master
|
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offl…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35951
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201133
|
8.8 |
HIGH
Network
|
xcloner
|
xcloner
|
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
|
CWE-352
Origin Validation Error
|
CVE-2020-35950
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201134
|
9.8 |
CRITICAL
Network
|
expresstech
|
quiz_and_survey_master
|
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35949
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201135
|
8.8 |
HIGH
Network
|
xcloner
|
xcloner
|
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so woul…
|
CWE-863
Incorrect Authorization
|
CVE-2020-35948
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201136
|
7.4 |
HIGH
Network
|
pagelayer
|
pagelayer
|
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authentic…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35947
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201137
|
5.4 |
MEDIUM
Network
|
semperplugins
|
all_in_one_seo_pack
|
An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XS…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35946
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201138
|
8.8 |
HIGH
Network
|
elegant_themes
|
divi_extra
divi_builder
divi
|
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35945
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201139
|
8.8 |
HIGH
Network
|
pagelayer
|
pagelayer
|
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2020-35944
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201140
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of d…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35939
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
