Description

WordPress Plugin SocialGrid is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WordPress Plugin SocialGrid version 2.3 is affected; other versions may also be vulnerable.

Remediation

Update to plugin version 2.4 or latest

References

http://www.securityfocus.com/bid/47501/exploit

http://sebug.net/paper/Exploits-Archives/2011-exploits/1104-exploits/socialgridwp-xss.txt

http://secunia.com/advisories/44256

Related Vulnerabilities

Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13435)

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4906)

WordPress Plugin Wechat Broadcast Local/Remote File Inclusion (1.2.0)

Oracle JRE CVE-2017-10346 Vulnerability (CVE-2017-10346)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1884)

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update XSS