Stored Cross-Site Scripting Vulnerability in Post Grid Plugin for WordPress
CVE-2020-35936
7.5HIGH
Summary
The Post Grid plugin for WordPress, prior to version 2.0.73, contains a Stored Cross-Site Scripting (XSS) vulnerability. This flaw allows remote authenticated attackers to inject malicious JavaScript code via AJAX when importing layouts. The attacker must specify a crafted payload hosted externally in the 'source' parameter, which can potentially compromise the site when executed. This vulnerability underscores the importance of updating and securing your WordPress plugins.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved