51 matches found
CVE-2023-34014 WordPress Grid Plus plugin <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2...
WordPress plugin Grid Plus 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-12461 · Unknown · G5Theme Grid Plus
Name of the Vulnerable Software and Affected Versions: G5Theme Grid Plus versions 1.3.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.3.2 and...
CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability
Unauthenticated Arbitrary Shortcode Execution via gridplusloadbycategory vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions = 1.3.5...
WordPress plugin Grid Plus 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
Grid Plus < 1.3.4 - Subscriber+ Local File Inclusion
Description The plugin does not properly validate and sanitize shortcode attributes, leading to a Local File Inclusion vulnerability. This flaw could enable attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls, exposing sensitive data, or...
CVE-2023-5251
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
CVE-2023-5250
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
CVE-2023-5251
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
Design/Logic Flaw
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
Design/Logic Flaw
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
CVE-2023-5251 Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
CVE-2023-5251
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...
CVE-2023-5250
CVE-2023-5250 affects Grid Plus WordPress plugin up to version 1.3.2, with Local File Inclusion via a shortcode attribute. This allows subscriber-level and higher attackers to include and execute PHP code from server files (limited to .php files), potentially bypassing access controls or enabling...
CVE-2023-5250 Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Broken Access Control
Software Grid Plus Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34014 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dd240d0353de Credits Abdi Pranata Required privilege...
PT-2023-31975 · WordPress · Grid Plus
Name of the Vulnerable Software and Affected Versions: The Grid Plus plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows unauthorized modification of data and loss of data due to a missing capability check on the grid plus save layout callback and grid plus...
WordPress Plugin Grid Plus Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-31974 · WordPress · Grid Plus
Name of the Vulnerable Software and Affected Versions: The Grid Plus plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows attackers with subscriber-level or higher access to include and execute arbitrary PHP files on the server via a shortcode attribute. This ca...