CVE-2024-3635 The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation

2024-09-3006:00:05

WPScan

www.cve.org

cve-2024-3635; post grid; wordpress plugin; stored xss; grid creation; high privilege users; editor; cross-site scripting; unfiltered html; multisite setup

JSON

The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "The Post Grid",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "7.5.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/63cbe5f4-fe0f-499f-a964-cf4fbedcfa25/

JSON

Related for CVELIST:CVE-2024-3635