EUVD-2023-43967

Malicious code in bioql PyPI...

CVE-2023-3292

The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

Cross site scripting

The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-3292

CVE-2023-3292 affects the WordPress plugin grid-kit-premium prior to 2.2.0. The root cause is failure to escape certain parameters and generated URLs before output in attributes, enabling Reflected Cross‑Site Scripting. Impact targets may include admin/high-privilege users. Remediation: upgrade t...

CVE-2023-3292 Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting

The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin grid-kit-premium 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-24095 · WordPress · Grid-Kit-Premium

Name of the Vulnerable Software and Affected Versions: grid-kit-premium WordPress plugin versions prior to 2.2.0 Description: The issue concerns Reflected Cross-Site Scripting, where some parameters and generated URLs are not properly escaped before being outputted in attributes. This could be...

WordPress Grid Kit Premium Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Grid Kit Premium Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3292 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75b7f5364596 Credits Erwan LR WPScan...

Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting

The plugin does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open one of the URL below...

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various pages, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=grid-kit&action=edit&id=...

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various pages, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=grid-kit=edit=...

WordPress Grid Kit Premium plugin <= 1.8.53 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by CraCkEr in WordPress Grid Kit Premium plugin versions = 1.8.53. Solution No patched version available...

Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. PS: The original advisory mentions the issue being in photo-gallery, however it is not the case. PoC On a page where there is a gallery embed, append a'-alert/XSS///=1...