CVE-2021-24986

Name of the Vulnerable Software and Affected Versions Post Grid WordPress plugin versions prior to 2.1.16

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the keyword parameter is not properly escaped before being outputted back in an attribute. This specifically happens in pages that contain a Post Grid with a search form.

Recommendations For versions prior to 2.1.16, update to version 2.1.16 or later to resolve the issue. As a temporary workaround, consider restricting the use of search forms in Post Grid pages until the update is applied.