Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks, CVE-2020-35938

CVE, Research URL: CVE-2020-35938
Home page URL: Security reports for Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Application: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Published on: Jan 01, 2021
Research Description: PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
Affected versions: Min -, max 2.0.73.
Status: vulnerable

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel &#8211; Combo Blocks, CVE-2020-35938