CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-35938

HIGH
7.5
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile43.51th
Published2021年1月1日
Last Modified2024年11月21日

Vulnerability Description

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.

Affected Platforms (CPE)

📦
Pickplugins

Post Grid

< 2.0.73
📦
Pickplugins

Team Showcase

< 1.22.16

References & Advisories

🔗 https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/
🔗 https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/

相關漏洞威脅

CVE-2021-44508.8

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12...

CVE-2020-359367.5

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated a...

CVE-2021-246526.5

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in ...

CVE-2021-244886.1

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly saniti...