CVE-2020-13643
Summary
| CVE | CVE-2020-13643 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-28 04:15:00 UTC |
| Updated | 2020-05-28 19:24:00 UTC |
| Description | An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Siteorigin | Page Builder | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Page Builder by SiteOrigin – WordPress plugin \| WordPress.org | MISC | wordpress.org | Release Notes, Third Party Advisory |
| Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites | MISC | www.wordfence.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.