CVE-2021-24488

MEDIUM NUCLEI

Pickplugins Post Grid < 2.1.8 - XSS

Title source: rule

Description

The slider import search feature and the tab parameter of the settings in the Post Grid WordPress plugin before 2.1.8 are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues.

Exploits (1)

exploitdb WORKING POC
by 0xB9 · text · webapps · php
https://www.exploit-db.com/exploits/50705

Nuclei Templates (1)

WordPress Post Grid <2.1.8 - Cross-Site Scripting
MEDIUM · by cckuailong

Scores

CVSS v3 6.1
EPSS 0.1153
EPSS Percentile 93.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
pickplugins/post_grid < 2.1.8
Published Aug 02, 2021
Tracked Since Feb 18, 2026