Cross-site Scripting Vulnerability in G5Theme Grid Plus Plugin
CVE-2025-53352
7.1HIGH
What is CVE-2025-53352?
A Cross-site Scripting (XSS) vulnerability has been identified in the G5Theme Grid Plus plugin, allowing attackers to inject malicious scripts into web pages. This vulnerability is exploited through improper neutralization of input during web page generation, leading to reflected XSS attacks. Affected versions include Grid Plus from its initial release up to version 3.3, posing potential security risks to users and their data.
Affected Version(s)
Grid Plus <= n/a
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)