CVE-2020-13643

HIGH

SiteOrigin Page Builder < 2.10.16 - Cross-Site Request Forgery via Live Editor Panels Data

Title source: llm
STIX 2.1

Description

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0081
EPSS Percentile 52.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
siteorigin/page_builder < 2.10.16
Published May 28, 2020
Tracked Since Feb 18, 2026