Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-24488

Severity: 6.1 MEDIUM
EPSS: 11.5% (top 6.37%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline:
Published: Aug 2
Latest update: May 24

Description

The slider import search feature and the tab parameter of the Post Grid WordPress plugin settings (before 2.1.8) are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | unknown/post_grid | 2.1.8 | 2.1.8

🔴 Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-grvg-w4gv-9v46: The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2
CVEList (2021-08-02)
Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)

💥 Exploits & PoCs (2)

Exploit-DB (2022-02-02)
WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
Nuclei
WordPress Post Grid <2.1.8 - Cross-Site Scripting