CVE-2021-24488

Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)

EPSS 11.3%CWE-79

Vexday Risk Score

43Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 11.3%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Lifecycle

02 Aug 2021Published on NVD

02 Feb 2022Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues

Affected products

Unknown · Post Grid

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/50705unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a