CSRF in Siteorigin Page_builder

CVE-2020-13643

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.008 (52.3rd percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

Frequently asked questions

What is CVE-2020-13643?
CVE-2020-13643 is a high-severity vulnerability in Siteorigin Page_builder, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2020-05-28.
How severe is CVE-2020-13643?
High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2020-13643 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.