CyberSec.Space Logo
Back to CVE Browser

CVE-2020-35936

HIGH
7.5
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile16.04th
PublishedJan 1, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.

Affected Platforms (CPE)

📦
Pickplugins

Post Grid

< 2.0.73
📦
Pickplugins

Team Showcase

< 1.22.16

References & Advisories

🔗 https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/
🔗 https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/

Related Vulnerabilities

CVE-2021-44508.8

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12...

CVE-2020-359387.5

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to i...

CVE-2021-246526.5

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in ...

CVE-2021-244886.1

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly saniti...