The plugin does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Make a logged in admin open one of the URL below https://example.com/wp-admin/admin.php?page=grid-kit-product-reviews&a;“> https://example.com/wp-admin/admin.php?page=grid-kit-product-enquiries&”> Make a logged in admin open a page containing the HTML code below Requires at least one gallery to be present Other vulnerable URL (when at least one item in the table): - https://example.com/wp-admin/admin.php?page=grid-kit-product-enquiries - https://example.com/wp-admin/admin.php?page=grid-kit-product-reviews
CPE | Name | Operator | Version |
---|---|---|---|
grid-kit-premium | lt | 2.2.0 |