Vulnerability Details CVE-2023-3292
The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2023-3292
-
_product_catalog_-_grid_kit_portfolio:-
-
_product_catalog_-_grid_kit_portfolio:1.8.10
-
_product_catalog_-_grid_kit_portfolio:1.8.11
-
_product_catalog_-_grid_kit_portfolio:1.8.12
-
_product_catalog_-_grid_kit_portfolio:1.8.13
-
_product_catalog_-_grid_kit_portfolio:1.8.14
-
_product_catalog_-_grid_kit_portfolio:1.8.15
-
_product_catalog_-_grid_kit_portfolio:1.8.16
-
_product_catalog_-_grid_kit_portfolio:1.8.17
-
_product_catalog_-_grid_kit_portfolio:1.8.18
-
_product_catalog_-_grid_kit_portfolio:1.8.19
-
_product_catalog_-_grid_kit_portfolio:1.8.20
-
_product_catalog_-_grid_kit_portfolio:1.8.21
-
_product_catalog_-_grid_kit_portfolio:1.8.22
-
_product_catalog_-_grid_kit_portfolio:1.8.23
-
_product_catalog_-_grid_kit_portfolio:1.8.24
-
_product_catalog_-_grid_kit_portfolio:1.8.7
-
_product_catalog_-_grid_kit_portfolio:1.8.8
-
_product_catalog_-_grid_kit_portfolio:1.8.9
-
_product_catalog_-_grid_kit_portfolio:2.0.0
-
_product_catalog_-_grid_kit_portfolio:2.1.0
-
_product_catalog_-_grid_kit_portfolio:2.1.1
-
cpe:2.3:a:wpsofts:portfolio_gallery