CVE-2020-35936

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

8.0HIGH

EPSS

1.3%

top 20.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pickplugins Post Grid Pickplugins Team Showcase

Timeline

PublishedJan 1

Latest updateMay 24

Description

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDpickplugins/post_grid< 2.0.73

▶NVDpickplugins/team_showcase< 1.22.16

🔴Vulnerability Details

GHSA

GHSA-f73m-j2hx-pp49: Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2↗2022-05-24

▶

CVEList

CVE-2020-35936: Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2↗2021-01-01

▶