|
207761
|
8.8 |
HIGH
Network
|
pagelayer
|
pagelayer
|
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2020-35944
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207762
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of d…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35939
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207763
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data s…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35938
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207764
|
8.0 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a r…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35937
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207765
|
8.0 |
HIGH
Network
|
pickplugins
|
team_showcase
post_grid
|
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remote…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35936
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207766
|
8.8 |
HIGH
Network
|
vasyltech
|
advanced_access_manager
|
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism …
|
NVD-CWE-noinfo
|
CVE-2020-35935
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207767
|
4.3 |
MEDIUM
Network
|
vasyltech
|
advanced_access_manager
|
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). Th…
|
CWE-200
Information Exposure
|
CVE-2020-35934
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207768
|
6.5 |
MEDIUM
Network
|
thenewsletterplugin
|
newsletter
|
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX req…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35933
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207769
|
8.8 |
HIGH
Network
|
tribulant
|
newsletter
|
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35932
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207770
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-35931
|
2024-11-21 14:28 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
