Post Grid Master
Monthly
Reflected cross-site scripting in Post Grid Master WordPress plugin versions up to 3.4.13 allows unauthenticated attackers to inject arbitrary JavaScript through the 'argsArray[read_more_text]' parameter due to insufficient input sanitization and output escaping. An attacker can craft a malicious link and trick users into clicking it, causing the injected script to execute in their browser with the victim's privileges. Publicly available exploit code exists, and the vulnerability affects all installations of the plugin through version 3.4.13.
Reflected cross-site scripting in Post Grid Master WordPress plugin versions up to 3.4.13 allows unauthenticated attackers to inject arbitrary JavaScript through the 'argsArray[read_more_text]' parameter due to insufficient input sanitization and output escaping. An attacker can craft a malicious link and trick users into clicking it, causing the injected script to execute in their browser with the victim's privileges. Publicly available exploit code exists, and the vulnerability affects all installations of the plugin through version 3.4.13.