Post Grid WordPress Plugin Flaws Allow Site Takeovers – Threatpost

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations.

The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending CVE…


More Info

About mblog.my

Check Also

WordPress Considers Dropping Support for IE 11

High Maintenance for Developers Downsides of Dropping Support WordPress is Seeking Feedback Citation WordPress announced …

Leave a Reply

Your email address will not be published. Required fields are marked *