Post Grid WordPress Plugin Flaws Allow Site Takeovers – Threatpost

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations.

The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending CVE…


More Info

About mblog.my

Check Also

Log Into WordPress By Touch or Face ID Via the Passwordless WP Plugin – WordPress Tavern

Last week, WP Busters released its first plugin titled Passwordless WP. It is a project …

Leave a Reply

Your email address will not be published. Required fields are marked *