Unrated severityNVD Advisory· Published Jan 30, 2026· Updated Mar 5, 2026

Navigate CMS 2.8.7 - Cross-Site Request Forgery

CVE-2020-37054

Description

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.

Affected products

WordPress/Navigate CMSllm-fuzzy
Range: <=2.8.7
Package: https://wordpress.org/plugins/navigate-cms
Naviwebs S.C./Navigate CMSv5
Range: 2.8.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/48548mitreexploit
www.vulncheck.com/advisories/navigate-cms-cross-site-request-forgerymitrethird-party-advisory
sourceforge.net/projects/navigatecmsmitreproduct
www.navigatecms.com/en/homemitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000