|
208281
|
8.8 |
HIGH
Network
|
xcloner
|
xcloner
|
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
|
CWE-352
Origin Validation Error
|
CVE-2020-35950
|
2024-11-21 14:28 |
2021-01-1 |
|
208282
|
9.8 |
CRITICAL
Network
|
expresstech
|
quiz_and_survey_master
|
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35949
|
2024-11-21 14:28 |
2021-01-1 |
|
208283
|
8.8 |
HIGH
Network
|
xcloner
|
xcloner
|
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so woul…
|
CWE-863
Incorrect Authorization
|
CVE-2020-35948
|
2024-11-21 14:28 |
2021-01-1 |
|
208284
|
7.4 |
HIGH
Network
|
pagelayer
|
pagelayer
|
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authentic…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35947
|
2024-11-21 14:28 |
2021-01-1 |
|
208285
|
5.4 |
MEDIUM
Network
|
semperplugins
|
all_in_one_seo_pack
|
An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XS…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35946
|
2024-11-21 14:28 |
2021-01-1 |
|
208286
|
8.8 |
HIGH
Network
|
elegant_themes
|
divi_extra divi_builder divi
|
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35945
|
2024-11-21 14:28 |
2021-01-1 |
|
208287
|
8.8 |
HIGH
Network
|
pagelayer
|
pagelayer
|
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
|
CWE-352 CWE-79
Origin Validation Error Cross-site Scripting
|
CVE-2020-35944
|
2024-11-21 14:28 |
2021-01-1 |
|
208288
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase post_grid
|
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of d…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35939
|
2024-11-21 14:28 |
2021-01-1 |
|
208289
|
8.8 |
HIGH
Network
|
pickplugins
|
team_showcase post_grid
|
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data s…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-35938
|
2024-11-21 14:28 |
2021-01-1 |
|
208290
|
8.0 |
HIGH
Network
|
pickplugins
|
team_showcase post_grid
|
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a r…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35937
|
2024-11-21 14:28 |
2021-01-1 |
|