CVE-2022-0447

Severity: 6.4 MEDIUM
EPSS: 0.3% (top 48.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 11, latest update Apr 12

Description

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, which is available to any authenticated user, leading to Reflected Cross-Site Scripting (XSS).
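The shape of this bug class, shown as an added illustration rather than the Post Grid plugin's real handler: a hypothetical admin-ajax callback that reflects the post_types request value into its response unescaped, beside a hardened version that checks capability and nonce, validates the value against registered post types, and escapes on output. Only the action name post_grid_update_taxonomies_terms_by_posttypes comes from the CVE description; the function names, the nonce name post_grid_nonce, the edit_posts capability, the comma-separated input format and the HTML output format are all assumptions.

```php
<?php
// Added illustration, not the Post Grid plugin's own code. Only the
// wp_ajax_* action name is taken from the CVE text; everything else is assumed.

// --- Vulnerable shape: the request value is echoed straight back. ---
function pg_update_terms_vulnerable() {
    // wp_ajax_{action} hooks fire for every logged-in user regardless of role;
    // any capability check is the handler's job, and this one has none.
    $post_types = isset( $_POST['post_types'] ) ? $_POST['post_types'] : '';

    // Reflected with no sanitisation and no escaping. An attacker who gets a
    // logged-in user to send this request (a link, or an auto-submitting form
    // on an attacker page) lands a payload that runs in the site's origin.
    echo '<div data-types="' . $post_types . '">' . $post_types . '</div>';
    wp_die();
}

// --- Hardened shape: authorise, verify intent, validate, escape. ---
function pg_update_terms_hardened() {
    // 1. Authorisation: the endpoint serves editors, not every account.
    //    ('edit_posts' is an assumed capability for this illustration.)
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: require the nonce the plugin's own JavaScript would send
    //    (the action name 'post_grid_nonce' is assumed).
    check_ajax_referer( 'post_grid_nonce', 'nonce' );

    // 3. Validation: keep only values that are registered post type slugs.
    //    Anything containing < > " ' or similar cannot survive this step.
    $raw  = isset( $_POST['post_types'] ) ? wp_unslash( $_POST['post_types'] ) : '';
    $list = array_map( 'sanitize_key', explode( ',', (string) $raw ) );
    $list = array_values( array_intersect( $list, get_post_types() ) );

    // 4. Output encoding for the context each value lands in: attribute
    //    context gets esc_attr(), element content gets esc_html().
    echo '<div data-types="' . esc_attr( implode( ',', $list ) ) . '">';
    foreach ( $list as $type ) {
        echo '<span>' . esc_html( $type ) . '</span>';
    }
    echo '</div>';
    wp_die();
}

// Hook name from the CVE description; the hardened callback is registered here.
add_action( 'wp_ajax_post_grid_update_taxonomies_terms_by_posttypes', 'pg_update_terms_hardened' );
```

Step 3 is what makes the fix robust rather than cosmetic: once the value is constrained to known slugs, the escaping in step 4 is defence in depth, and the capability and nonce checks close the "available to any authenticated user" part of the finding independently of the XSS itself.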

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.1 | Impact: 2.7

Affected Packages (2 packages)

  NVD        pickplugins/post_grid   < 2.1.16
  CVEListV5  unknown/post_grid       2.1.16   2.1.16

🔴 Vulnerability Details (2)

GHSA: GHSA-rgf7-3xqq-822p: The Post Grid WordPress plugin before 2 (2022-04-12)
CVEList: Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types (2022-04-11)
Source: cvebase.io