Vendor: Post Grid
By: 0xB9
CVSS: 6.1 (MEDIUM)
Cross Site Scripting (XSS)
CWE: 79
Product Name: Post Grid
Affected Version From: 2.1.2001
Affected Version To: 2.1.2001
Patch Exists: YES
Related CVE: CVE-2021-24488
CPE: 2.3:a:wordpress:post_grid:2.1.1
Tags: authenticated,wpscan,cve,cve2021,xss,wp,wordpress,wp-plugin
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 2, 'framework': 'wordpress', 'vendor': 'pickplugins', 'product': 'post_grid'}
Platforms Tested: Windows 10
2021
WordPress Plugin Post Grid 2.1.1 – Cross Site Scripting (XSS)
This plugin creates a post grid from any post type. The slider import search feature and the tab parameter in the plugin settings are vulnerable to reflected cross-site scripting.
Mitigation:
Upgrade to version 2.1.2 or later.