CVE-2024-9051
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
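The root cause named above (shortcode attributes reaching the page without sanitization or escaping) is a general WordPress pattern. The following is an added example, not code from WP Ultimate Post Grid or from the advisory: a constructed minimal shortcode handler that renders attributes verbatim, beside a hardened version that sanitizes on input and escapes for each output context with WordPress's own functions. The shortcode name `demo_grid` and the attributes `title` and `css_class` are assumptions for illustration.

```php
<?php
// Added example (not the plugin's code). Demonstrates the vulnerability class
// behind CVE-2024-9051: a shortcode attribute written into HTML unescaped.
// Shortcode and attribute names (demo_grid, title, css_class) are constructed.

// Vulnerable pattern: attribute values are concatenated straight into markup.
// Any role allowed to insert shortcodes (contributor and above) controls them,
// and the result is stored with the post and rendered for every visitor.
function demo_grid_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => 'Grid', 'css_class' => 'grid' ),
        $atts,
        'demo_grid'
    );
    // Both the attribute value and the text node are emitted verbatim.
    return '<div class="' . $atts['css_class'] . '"><h2>' . $atts['title'] . '</h2></div>';
}

// Hardened pattern: sanitize on input, then escape for the exact output context.
function demo_grid_shortcode_hardened( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => 'Grid', 'css_class' => 'grid' ),
        $atts,
        'demo_grid'
    );
    // sanitize_html_class() keeps only characters valid in a CSS class name and
    // falls back to 'grid' if nothing survives.
    $css_class = sanitize_html_class( $atts['css_class'], 'grid' );
    // sanitize_text_field() strips tags, octets and line breaks from the title.
    $title = sanitize_text_field( $atts['title'] );
    // esc_attr() encodes for an HTML attribute; esc_html() encodes for a text node.
    // Escaping at output is what prevents stored markup from executing even if
    // an earlier sanitization step is bypassed.
    return sprintf(
        '<div class="%s"><h2>%s</h2></div>',
        esc_attr( $css_class ),
        esc_html( $title )
    );
}

// Only the hardened handler is registered; the vulnerable one exists for contrast.
add_shortcode( 'demo_grid', 'demo_grid_shortcode_hardened' );
```

When reviewing a shortcode handler, check each `$atts` value from where `shortcode_atts()` returns it to where it lands in the output: every landing point should pass through the escaping function for that context (`esc_attr()` inside attributes, `esc_html()` in text, `esc_url()` in `href`/`src`), and no value should be concatenated into markup directly.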
<p>Use WP Ultimate Post Grid to create responsive grids for your posts, pages or any custom post type. Optionally add an isotope filter for any taxonomy associated with those posts.</p>
<blockquote>
<p><strong>See this plugin in action!</strong><br />
Check out <a href="https://bootstrapped.ventures/wp-ultimate-post-grid/" rel="nofollow ugc">demos of our grids</a> and all of the <a href="https://help.bootstrapped.ventures/collection/7-wp-ultimate-post-grid" rel="nofollow ugc">plugin documentation</a> to learn more.</p>
</blockquote>
<p>An overview of the WP Ultimate Post Grid features:</p>
<ul>
<li><strong>Live Preview</strong> while building your grid</li>
<li>Use posts, pages or <strong>custom post types</strong> as the source</li>
<li>Grids are <strong>responsive</strong> and will look good on any device</li>
<li>Ability to set <strong>order by</strong> options</li>
<li>Link to the actual <strong>post or featured image</strong></li>
<li>Define <strong>custom links</strong> for posts</li>
<li>Define <strong>custom images</strong> for posts</li>
<li>Add an <strong>isotope filter</strong> for any taxonomy or custom field</li>
<li><strong>Deeplinking</strong> directly to a filtered grid</li>
<li>Grids and filters can be added anywhere with <strong>their own shortcode</strong></li>
<li>Multiple <strong>templates</strong> for your grids</li>
<li>Extensive <strong>Template Editor</strong> to create any grid you want</li>
<li>Possibility to use <strong>pagination</strong></li>
<li>Compatible with both <strong>Classic Editor and Gutenberg</strong> Block Editor</li>
<li>Fully integrated with our WP Recipe Maker plugin for a <strong>recipe grid</strong></li>
</ul>
<p>We also have a <a href="https://bootstrapped.ventures/wp-ultimate-post-grid/" rel="nofollow ugc">WP Ultimate Post Grid Premium version</a> which offers the following features:</p>
<ul>
<li><strong>Limit your posts</strong> by any taxonomy, author, date or post ID</li>
<li>Use a <strong>plain text filter</strong> for your grid</li>
<li>Have <strong>dropdown filters</strong> for any taxonomy</li>
<li>Use a <strong>checkbox filter</strong> for any taxonomy</li>
<li>Allow for <strong>multiselect</strong> in the filters</li>
<li>Show the <strong>post count</strong> for the filter terms</li>
<li>Create a grid of your <strong>categories or tags</strong></li>
<li>A <strong>Load More button</strong> for pagination</li>
<li><strong>Load on filter</strong> pagination</li>
<li><strong>Infinite scroll</strong> pagination</li>
<li>Easily <strong>clone your grids</strong></li>
<li>Order grid by <strong>custom field</strong></li>
<li><strong>Dynamically filter</strong> grids in the shortcode</li>
</ul>
<p>This plugin is under active development. Any feature requests are welcome!</p>