CVE-2024-1658

Name of the Vulnerable Software and Affected Versions The Grid Shortcodes WordPress plugin versions prior to 1.1.1

Description The issue concerns the Grid Shortcodes WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attacks could potentially allow malicious scripts to be executed and may enable the creation of admin accounts using a simple shortcode.

Recommendations For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcodes to minimize the risk of exploitation. Additionally, limiting user roles and permissions can help reduce the potential impact of this issue until a patch is applied.