Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.
Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, open the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plugin, Team Showcase, which has 6,000 installations.
The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending CVE…