vulnerability

WordPress Theme: 15zine: CVE-2020-36510: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Sep 21, 2020	Dec 8, 2025	Dec 8, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Sep 21, 2020

Added

Dec 8, 2025

Modified

Dec 8, 2025

Description

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting

Solution

15zine-theme-cve-2020-36510

References

URL-https://www.cve.org/CVERecord?id=CVE-2020-36510
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/ad5c8eb8-8e58-4bed-a39c-b54e2cfd9cd3?source=api-prod
CVE-2020-36510
https://attackerkb.com/topics/CVE-2020-36510
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today