WordPress Post Grid 2.1.1 Cross Site Scripting

WordPress Post Grid plugin version 2.1.1 suffers from a cross site scripting vulnerability.

MD5 | 85628ff2b2ff802217eaad1f5710e2e8

# Exploit Title: WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
# Date: 3/16/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/post-grid/
# Version: 2.1.1
# Tested on: Windows 10
# CVE: CVE-2021-24488

1. Description:
This plugin creates a post grid from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

2. Proof of Concept:

Related Posts