Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35939 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. | |||||
CVE-2020-35938 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | |||||
CVE-2020-35937 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. | |||||
CVE-2020-35936 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | |||||
CVE-2024-44002 | 1 Pickplugins | 1 Team Showcase | 2024-09-25 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS.This issue affects Team Showcase: from n/a through 1.22.25. |