Lucene search
K

51 matches found

Cvelist
Cvelist
added 2024/12/13 2:23 p.m.46 views

CVE-2023-34014 WordPress Grid Plus plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2...

5.4CVSS0.00429EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.6 views

WordPress plugin Grid Plus 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.5AI score0.00429EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.3 views

PT-2024-12461 · Unknown · G5Theme Grid Plus

Name of the Vulnerable Software and Affected Versions: G5Theme Grid Plus versions 1.3.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.3.2 and...

5.4CVSS7AI score0.00429EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 4:23 a.m.27 views

CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category

The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...

7.3CVSS0.00575EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/12/12 12:48 a.m.3 views

WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability

Unauthenticated Arbitrary Shortcode Execution via gridplusloadbycategory vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions = 1.3.5...

7.3CVSS7.1AI score0.00575EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.3 views

WordPress plugin Grid Plus 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

7.3CVSS9.1AI score0.00575EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/11/03 12:0 a.m.23 views

Grid Plus < 1.3.4 - Subscriber+ Local File Inclusion

Description The plugin does not properly validate and sanitize shortcode attributes, leading to a Local File Inclusion vulnerability. This flaw could enable attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls, exposing sensitive data, or...

8.8CVSS8.8AI score0.01107EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/30 2:15 p.m.3 views

CVE-2023-5251

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...

5.4CVSS7.3AI score0.00473EPSS
Exploits0References3
OSV
OSV
added 2023/10/30 2:15 p.m.5 views

CVE-2023-5250

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...

8.8CVSS7.8AI score0.01107EPSS
Exploits0References2
NVD
NVD
added 2023/10/30 2:15 p.m.24 views

CVE-2023-5251

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...

5.4CVSS5.2AI score0.00473EPSS
Exploits0References4
Prion
Prion
added 2023/10/30 2:15 p.m.18 views

Design/Logic Flaw

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...

6.5CVSS8.9AI score0.01107EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/30 2:15 p.m.21 views

Design/Logic Flaw

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...

5.5CVSS5.4AI score0.00473EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/30 1:49 p.m.32 views

CVE-2023-5251 Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...

5.4CVSS5.5AI score0.00473EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/10/30 1:49 p.m.10 views

CVE-2023-5251

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...

5.4CVSS5.2AI score0.00473EPSS
Exploits0References3
CVE
CVE
added 2023/10/30 1:48 p.m.59 views

CVE-2023-5250

CVE-2023-5250 affects Grid Plus WordPress plugin up to version 1.3.2, with Local File Inclusion via a shortcode attribute. This allows subscriber-level and higher attackers to include and execute PHP code from server files (limited to .php files), potentially bypassing access controls or enabling...

8.8CVSS7.8AI score0.01107EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/30 1:48 p.m.27 views

CVE-2023-5250 Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...

8.8CVSS9.1AI score0.01107EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/10/30 12:0 a.m.13 views

WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Broken Access Control

Software Grid Plus Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34014 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dd240d0353de Credits Abdi Pranata Required privilege...

6.5AI score0.00429EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.3 views

PT-2023-31975 · WordPress · Grid Plus

Name of the Vulnerable Software and Affected Versions: The Grid Plus plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows unauthorized modification of data and loss of data due to a missing capability check on the grid plus save layout callback and grid plus...

5.4CVSS6.1AI score0.00473EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/30 12:0 a.m.5 views

WordPress Plugin Grid Plus Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.4CVSS6.5AI score0.00473EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.5 views

PT-2023-31974 · WordPress · Grid Plus

Name of the Vulnerable Software and Affected Versions: The Grid Plus plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows attackers with subscriber-level or higher access to include and execute arbitrary PHP files on the server via a shortcode attribute. This ca...

8.8CVSS9.2AI score0.01107EPSS
Exploits0References6
Rows per page
Query Builder