CVE-2022-50946
MEDIUM
WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS
Title source: cna
Description
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability: the plugin fails to sanitize the post_title parameter, which allows authenticated editors to inject malicious scripts. Attackers with editor privileges can inject script payloads through the testimonial title field; the payloads execute in the browsers of other users viewing the draft post, enabling cookie theft and session hijacking.
Exploits (1)
exploitdb
WORKING POC
by Luqman Hakim Zahari · text · webapps · php
https://www.exploit-db.com/exploits/51008
References (3)
Product
Product Reference
https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip
Third Party Advisory
VulnCheck Advisory: WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS
https://www.vulncheck.com/advisories/wordpress-plugin-netroics-blog-posts-grid-stored-xss
Scores
CVSS v3: 6.4
EPSS: 0.0003
EPSS Percentile: 8.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (1)
netroics/Netroics Blog Posts Grid 1.0
Published: May 10, 2026
Tracked Since: May 10, 2026