WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Post Grid < 2.0.73 & Team Showcase < 1.22.16 - PHP Object Injection

Description

Ram Gall from Wordfence discovered an authenticated (subscriber+) PHP Object Injection vulnerability in the Post Grid and Team Showcase WordPress plugins.

Affects Plugins

post-grid
Fixed in version 2.0.73
team
Fixed in version 1.22.16

References

CVE
CVE-2020-35938
CVE
CVE-2020-35939
URL
https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/
URL
https://plugins.trac.wordpress.org/changeset/2383813/post-grid
URL
https://plugins.trac.wordpress.org/changeset/2383826/team

Classification

Type

OBJECT INJECTION

OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

No

WPVDB ID
dd44c3f3-fe47-414c-976a-2ba73c47dec8

Timeline

Publicly Published

2020-10-05 (about 2 years ago)

Added

2020-10-05 (about 2 years ago)

Last Updated

2021-01-02 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin