An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-28T03:11:48
Updated: 2024-08-04T12:25:16.534Z
Reserved: 2020-05-27T00:00:00
Link: CVE-2020-13643
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-05-28T04:15:13.237
Modified: 2024-11-21T05:01:40.000
Link: CVE-2020-13643
Redhat
No data.