Cross-Site Request Forgery Vulnerability in PageLayer Plugin by WordPress
CVE-2020-35944

8.8HIGH

Key Information:

Vendor

Wordpress
Status
Pagelayer
Vendor
CVE Published:
1 January 2021

What is CVE-2020-35944?

The PageLayer plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in its pagelayer_settings_page function. This flaw could allow attackers to perform unauthorized actions as a logged-in user, potentially leading to the execution of unintended commands. If exploited, it may result in subsequent impact through Cross-Site Scripting (XSS) attacks, affecting over 200,000 WordPress sites. Users are urged to update to version 1.1.2 or later to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.wordfence.com/blog/2020/05/high-severity-vuln...
x_refsource_MISC
https://wpscan.com/vulnerability/10240
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.