2 matches found
CVE-2023-5250
CVE-2023-5250 affects Grid Plus WordPress plugin up to version 1.3.2, with Local File Inclusion via a shortcode attribute. This allows subscriber-level and higher attackers to include and execute PHP code from server files (limited to .php files), potentially bypassing access controls or enabling...
CVE-2023-5251
The CVE-2023-5251 entry concerns the Grid Plus WordPress plugin. The issue is a missing capability check in grid_plus_save_layout_callback and grid_plus_delete_callback, affecting versions up to and including 1.3.2. This allows authenticated users with subscriber privileges or higher to add, upda...