CyberSec.Space Logo
Back to CVE Browser

CVE-2021-4450

HIGH
8.8
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile30.66th
PublishedOct 16, 2024
Last ModifiedOct 30, 2024

Vulnerability Description

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected Platforms (CPE)

📦
Pickplugins

Post Grid

<= 2.1.12

References & Advisories

🔗 https://plugins.trac.wordpress.org/changeset/2644269
🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/a321b112-ce37-4a0e-800f-f3feef6ac799?source=cve

Related Vulnerabilities

CVE-2020-359387.5

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to i...

CVE-2020-359367.5

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated a...

CVE-2021-246526.5

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in ...

CVE-2021-244886.1

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly saniti...