CVE-2020-35947

Published: Jan 1, 2021Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Exploitability: 3.1 / Impact: 3.7

Source: NVD

Description

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur.

Affected (1)

Products: Pagelayer: Pagelayer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pagelayer Pagelayer	Before 1.1.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://wpscan.com/vulnerability/10239

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://wpscan.com/vulnerability/10239

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.