PT-2022-13191 · WordPress · Post Grid
Krzysztof Zając
·
Published
2022-04-11
·
Updated
2022-04-15
·
CVE-2022-0447
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Post Grid WordPress plugin versions prior to 2.1.16
Description
The issue concerns a Reflected Cross-Site Scripting problem. It arises because the
post types parameter is not properly sanitised and escaped before being output in the response to the post grid update taxonomies terms by posttypes AJAX action. This action is accessible to any authenticated users.Recommendations
For versions prior to 2.1.16, update to version 2.1.16 or later to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Post Grid