WordPress Plugin Vulnerabilities

Post Grid < 2.0.73 & Team Showcase < 1.22.16 - Authenticated Stored Cross-Site Scripting (XSS)

Description

Ram Gall from Wordfence discovered an authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in the Post Grid and Team Showcase WordPress plugins.

Affects Plugins

post-grid

Fixed in version 2.0.73

team

Fixed in version 1.22.16

References

CVE

CVE-2020-35936

CVE

CVE-2020-35937

URL

https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/

URL

https://plugins.trac.wordpress.org/changeset/2383813/post-grid

URL

https://plugins.trac.wordpress.org/changeset/2383826/team

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

WPVDB ID

2fa410a8-2b2a-421c-bcab-d5d9dec8b542

Timeline

Publicly Published

2020-10-05 (about 2 years ago)

Added

2020-10-05 (about 2 years ago)

Last Updated

2021-01-03 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin