CVE-2020-35936

Name of the Vulnerable Software and Affected Versions: Post Grid plugin versions prior to 2.0.73 for WordPress

Description: The issue allows remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX, where the action must be set to post grid import xml layouts. This enables Stored Cross-Site Scripting (XSS) attacks.

Recommendations: For versions prior to 2.0.73, update to version 2.0.73 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint or disabling the import layout feature until the update is applied. Avoid using the source parameter in the affected AJAX endpoint until the issue is resolved.