Deserialization in Pickplugins Post_grid
CVE-2020-35938
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted pay…
Vulnerability class: Insecure Deserialization
EPSS: 0.021 (79.2nd percentile)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Pickplugins Post_grid
- Pickplugins Team_showcase
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-35938?
- CVE-2020-35938 is a high-severity vulnerability in Pickplugins Post_grid, classified under Deserialization of Untrusted Data. CVSS score: 7.5/10. Published 2021-01-01.
- How severe is CVE-2020-35938?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2020-35938 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.