Unrated severityNVD Advisory· Published May 28, 2020· Updated Aug 4, 2024
CVE-2020-13643
CVE-2020-13643
Description
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Page Builder plugindescription
- Range: <2.10.16
Patches
Vulnerability mechanics
References
2- wordpress.org/plugins/siteorigin-panels/mitrex_refsource_MISC
- www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-builder-by-siteorigin-affects-over-1-million-sites/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.