Lucene search
WPScanCVE-2024-1658HistoryMar 18, 2024 - 4:15 p.m.
CVE-2024-1658
2024-03-1816:15:07
WPScan
web.nvd.nist.gov
42
cve-2024-1658
grid shortcodes
wordpress plugin
stored xss
nvd
security vulnerability
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected configurations
Node
grid_shortcodesRange<1.1.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | grid_shortcodes | * | cpe:2.3:a:*:grid_shortcodes:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Grid Shortcodes",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.1.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-02-26 00:00:00
cvelist
cvelist
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-03-18 15:15:26
vulnrichment
vulnrichment
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-03-18 15:15:26
nvd
nvd
CVE-2024-1658
2024-03-18 16:15:07
wpexploit
wpexploit
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-02-26 00:00:00