Security Advisory

CVE-2020-13643

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-05-28 03:11:48

Last updated 2024-08-04 12:25:16

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victims browser.

← Browse all CVEs View on cve.org ↗