WordPress · Post Grid Master · CVE-2025-5084
**Name of the Vulnerable Software and Affected Versions**
Post Grid Master versions prior to 3.4.14
**Description**
The Post Grid Master plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, potentially executing if a user is tricked into performing an action, such as clicking a link. The vulnerability resides in the `argsArray['read more text']` parameter.
**Recommendations**
Update Post Grid Master to version 3.4.14 or later.