.. / CVE-2021-24488

Exploit for WordPress Post Grid <2.1.8 - Cross-Site Scripting (CVE-2021-24488)

Description:

WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,

Nuclei Template

View the template here CVE-2021-24488.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24488.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-24488
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a

.. / CVE-2021-24488 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Post Grid <2.1.8 - Cross-Site Scripting (CVE-2021-24488)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24488