CVE-2021-24488

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.0640%

EPSS Percentile14.05th

PublishedAug 2, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues

Affected Platforms (CPE)

📦

Pickplugins

Post Grid

< 2.1.8

References & Advisories

🔗 https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a

Related Vulnerabilities

CVE-2021-44508.8

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12...

CVE-2020-359367.5

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated a...

CVE-2020-359387.5

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to i...

CVE-2021-246526.5

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in ...