13 matches found
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Grid Shortcodes < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
CVE-2024-29797
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Darko Grid Shortcodes allows Stored XSS. This issue affects Grid Shortcodes: from n/a through 1.1...
CVE-2024-29797 WordPress Grid Shortcodes plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Darko Grid Shortcodes allows Stored XSS. This issue affects Grid Shortcodes: from n/a through 1.1...
CVE-2024-29797
CVE-2024-29797 is a stored XSS vulnerability in the WordPress Grid Shortcodes plugin by WP Darko, affecting Grid Shortcodes versions from n/a up to 1.1. The issue is described as Stored XSS via the shortcode, but the provided documents do not specify exploit vectors, affected site behaviors, user...
WordPress Plugin Grid Shortcodes Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Grid Shortcodes Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Grid Shortcodes; Type: Plugin; Vulnerable versions: = 1.1; Fixed in: 1.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-29797; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 001d3493f64b; Credits: Ngô Thiên An ancorn from VNPT-VCI; Requir...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1658
CVE-2024-1658 affects the Grid Shortcodes WordPress plugin prior to 1.1.1. The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them in a page/post, enabling a Stored XSS when the shortcode is embedded. Impact: users with the contributor ro...
WordPress Plugin Grid Shortcodes Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC GDCrow GDCcolumn size='"...
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks GDCrow GDCcolumn size='"...