Grid Kit Premium < 2.1.2 – Reflected Cross-Site Scripting

Description

The plugin does not escape generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.

PS: The original advisory mentions the issue being in photo-gallery, however it is not the case.

Proof of Concept

On a page where there is a gallery embed, append a'-alert(/XSS/)//=1

e.g: https://example.com/photo-gallery/?a'-alert(/XSS/)//=1

Affects Plugins

grid-kit-premium

Fixed in 2.1.2

References

URL

https://packetstormsecurity.com/files/#168752/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

CraCkEr

Verified

Yes

WPVDB ID

6740c33e-9fd1-4d50-a6ef-b4f04a1004fd

Timeline

Publicly Published

2022-10-18 (about 3 years ago)

Added

2022-10-19 (about 3 years ago)

Last Updated

2023-06-16 (about 2 years ago)

Other

Published

Title

Published

2025-04-01

Title

Arrow Custom Feed for Twitter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2017-04-26

Title

Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Published

2025-07-23

Title

WP Get The Table < 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

Published

2024-10-17

Title

Advanced Category and Custom Taxonomy Image < 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode

Published

2024-12-11

Title

Simple Payment < 2.3.8 - Reflected Cross-Site Scripting