{"vulnerability": "CVE-2020-3594", "sightings": [{"uuid": "f0f37349-80c4-4604-a426-2e9f07d71db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35942", "type": "seen", "source": "https://t.me/cibsecurity/23320", "content": "\u203c CVE-2020-35942 \u203c\n\nA Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-09T20:46:43.000000Z"}, {"uuid": "e800766c-3573-4ea0-afce-542c44473940", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35948", "type": "published-proof-of-concept", "source": "Telegram/eMoVbCeI-n-jaFKeB-W9ZjnKBEe6KGFrv-r960DcFriPRg", "content": "", "creation_timestamp": "2021-07-10T16:29:07.000000Z"}, {"uuid": "c7fe0a5c-d6c2-4c16-a4f6-2637d803c1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35943", "type": "seen", "source": "https://t.me/cibsecurity/23317", "content": "\u203c CVE-2020-35943 \u203c\n\nA Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-09T20:46:40.000000Z"}, {"uuid": "e0f2b4a3-4f0c-44e5-978e-1caa78bf22ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35948", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/732", "content": "CVE-2020-35948 wordpress Plugin XCloner 4.2.12 \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-35948_wordpress_Plugin_XCloner_4.2.12_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:42:20.000000Z"}, {"uuid": "5f751022-0967-4671-892e-e608e224dba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35946", "type": "seen", "source": "https://t.me/cibsecurity/21488", "content": "\u203c CVE-2020-35946 \u203c\n\nAn issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-01T07:32:26.000000Z"}, {"uuid": "718920c7-1be0-453f-8739-61f36fac03a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35945", "type": "seen", "source": "https://t.me/cibsecurity/21487", "content": "\u203c CVE-2020-35945 \u203c\n\nAn issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-01T07:32:25.000000Z"}, {"uuid": "b4b86a1d-04b9-4acd-bbcc-2b78cbc5eace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35944", "type": "seen", "source": "https://t.me/cibsecurity/21501", "content": "\u203c CVE-2020-35944 \u203c\n\nAn issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-01T07:32:44.000000Z"}, {"uuid": "cd648adc-cdc2-49bb-9fd0-d135c5e63707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35948", "type": "seen", "source": "https://t.me/cibsecurity/21489", "content": "\u203c CVE-2020-35948 \u203c\n\nAn issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-01T07:32:27.000000Z"}, {"uuid": "fa352e44-957a-42da-895d-78dd1bc830f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3594", "type": "seen", "source": "https://t.me/cibsecurity/16006", "content": "\u203c CVE-2020-3594 \u203c\n\nA vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-06T22:51:24.000000Z"}]}