Unauthorized Data Modification in Grid Plus Plugin for WordPress
CVE-2023-5251

5.4MEDIUM

Key Information:

Vendor
Wordpress
Status
Grid Plus – Unlimited grid layout
Vendor
CVE Published:
30 October 2023

Summary

The Grid Plus plugin for WordPress suffers from a vulnerability that allows authenticated users with subscriber privileges or higher to bypass necessary capability checks. This flaw enables attackers to manipulate grid layouts by adding, updating, or deleting data without proper authorization, potentially leading to significant data loss and compromised site integrity. The affected versions include all releases up to and including 1.3.2. Website administrators should prioritize updating their plugins to ensure their sites remain secure.

Affected Version(s)

Grid Plus – Unlimited grid layout * <= 1.3.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/grid-plus/tags...
https://plugins.trac.wordpress.org/browser/grid-plus/tags...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.