13 matches found
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Grid Shortcodes < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
CVE-2024-29797
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1...
CVE-2024-29797
CVE-2024-29797 is a stored XSS vulnerability in the WordPress Grid Shortcodes plugin by WP Darko, affecting Grid Shortcodes versions from n/a up to 1.1. The issue is described as Stored XSS via the shortcode, but the provided documents do not specify exploit vectors, affected site behaviors, user...
CVE-2024-29797 WordPress Grid Shortcodes plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1...
WordPress Plugin Grid Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Grid Shortcodes Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Grid Shortcodes Type Plugin Vulnerable versions = 1.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29797 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 001d3493f64b Credits Ngô Thiên An ancorn from VNPT-VCI Requir...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1658
CVE-2024-1658 affects the Grid Shortcodes WordPress plugin prior to 1.1.1. The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them in a page/post, enabling a Stored XSS when the shortcode is embedded. Impact: users with the contributor ro...
WordPress Plugin Grid Shortcodes Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC GDCrow GDCcolumn size='"...
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks GDCrow GDCcolumn size='"...