Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting

2023-07-1000:00:00

wpscan.com

grid kit premium

cross-site scripting

attributes

security

admin

url

plugin

vulnerable

parameters

0.0005 Low

EPSS

Percentile

17.1%

JSON

The plugin does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PoC

Make a logged in admin open one of the URL below https://example.com/wp-admin/admin.php?page=grid-kit-product-reviews&a;“> https://example.com/wp-admin/admin.php?page=grid-kit-product-enquiries&”> Make a logged in admin open a page containing the HTML code below Requires at least one gallery to be present Other vulnerable URL (when at least one item in the table): - https://example.com/wp-admin/admin.php?page=grid-kit-product-enquiries - https://example.com/wp-admin/admin.php?page=grid-kit-product-reviews

CPENameOperatorVersion
grid-kit-premiumlt2.2.0

CPE	Name	Operator	Version
	grid-kit-premium	lt	2.2.0

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for WPVDB-ID:D993C385-C3AD-49A6-B079-3A1B090864C8