← volver
CVE-2020-13642

CVE-2020-13642

CVSS 8.8 HIGHEPSS 0.8%
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wordpress.org/plugins/siteorigin-panels/#developershttps://www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-builder-by-siteorigin-affects-over-1-million-sites/