20 matches found
CVE-2025-53352 WordPress Grid Plus plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Grid Plus grid-plus allows Reflected XSS. This issue affects Grid Plus: from n/a through <= 3.3...
WordPress plugin Grid Plus cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2023-57576
Malicious code in bioql PyPI...
EUVD-2024-33548
Malicious code in bioql PyPI...
CVE-2024-10910
The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via the grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category
The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via the grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
WordPress plugin Grid Plus code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
CVE-2023-5250
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
CVE-2023-5251
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
Design/Logic Flaw
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
CVE-2023-5251 Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
CVE-2023-5251
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
CVE-2023-5250 Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Broken Access Control
Software: Grid Plus; Type: Plugin; Vulnerable versions: <= 1.3.2; Fixed in: 1.3.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-34014; Patch priority: Low; CVSS severity: Low 5.4; PSID: dd240d0353de; Credits: Abdi Pranata; Required privilege...
PT-2023-31975 · WordPress · Grid Plus
Name of the Vulnerable Software and Affected Versions: The Grid Plus plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows unauthorized modification of data and loss of data due to a missing capability check on the grid plus save layout callback and grid plus...
PT-2023-31974 · WordPress · Grid Plus
Name of the Vulnerable Software and Affected Versions: The Grid Plus plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows attackers with subscriber-level or higher access to include and execute arbitrary PHP files on the server via a shortcode attribute. This ca...
WordPress Grid Plus Plugin <= 1.3.3 is vulnerable to Local File Inclusion
Software: Grid Plus; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: 1.3.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-5250; Patch priority: Low; CVSS severity: Low 6.4; PSID: a64dc6db3b2e; Credits: István Márton; Required privilege: Subscriber...
CVE-2023-46209
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions...
CVE-2023-46209 WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions...
WordPress Grid Plus Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Grid Plus; Type: Plugin; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46209; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 08eeb73facf3; Credits: Le Ngoc Anh; Required...