Post Grid WordPress Plugin Flaws Allow Site Takeovers – Threatpost

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations.

The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending CVE…


More Info

About mblog.my

Check Also

Loginizer WordPress Vulnerability Affects +1 Million Sites

WordPress Loginizer Plugin has issued a security patch for a vulnerability that could allow a …

Leave a Reply

Your email address will not be published. Required fields are marked *