4 Mar 2022

Recently Closed WordPress Plugin with 60,000+ Installs Contains Authenticated Persistent XSS Vulnerability

Yesterday, the WordPress plugin Post Grid was closed on the WordPress Plugin Directory. Because that is one of the 1,000 most popular plugins in that directory (it has 60,000+ installs), our systems warned us about the closure and we started checking over the plugin to see if there was a vulnerability we should warn customers of our services about. What we found was that it at least contains an authenticated persistent cross-site scripting (XSS) vulnerability.

When creating or editing one of the plugin’s post grids, there is the option to include custom JavaScript code. If that were limited to users with the unfiltered_html capability, that wouldn’t be an issue, since they are intended to be able to add JavaScript code. But that post type is accessible to users without that capability, as it is available to any users that are able to create WordPress posts: [Read more]

9 Jan 2017

Vulnerability Details: PHP Object Injection Vulnerability in Post Grid

Back in November we were contacted about a PHP object injection vulnerability in the plugin Post Grid that the person who contacted us had seen exploited. We didn’t include it in our data at the time since they said they were waiting on the “developer to respond etc.” before disclosing it. While looking into that vulnerability we discovered a file deletion vulnerability in the plugin, which impacted all the versions that also had the PHP object injection vulnerability, so anyone using our service or the free data that comes with its companion plugin would have been notified that they were using a vulnerable plugin at the time.

Recently the issue of the vulnerability came up again and we noticed that it still hadn’t been disclosed. Seeing as it has now been two months since it was fixed, we will go ahead with the disclosure. [Read more]

8 Nov 2016

File Deletion Vulnerability in Post Grid

One of the reasons we believe that it is important that the details of vulnerabilities in WordPress plugins be disclosed is that if others can review them, that can lead to additional vulnerabilities being identified. That was the case with a recent vulnerability in the Post Grid plugin, where after being notified of the details of a vulnerability (that vulnerability has yet to be publicly disclosed) we found that it pointed to a wider security issue with the plugin.

The original vulnerability was due in part to functions only intended for Administrator-level users being made available to anyone through WordPress’ AJAX functionality, whether they were logged in to WordPress or not. That was the case not only for the function relevant to that vulnerability, but for a number of others. [Read more]
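An added example, not code from these posts or from Post Grid: a small review aid that lists AJAX handlers registered through WordPress's `wp_ajax_nopriv_` hook (reachable without logging in) that call a sensitive function without a `current_user_can()` check. The sample PHP, all `demo_grid_*` names, and the list of sensitive functions are assumptions made for illustration, and the matching is a regex heuristic rather than a PHP parser.

```python
import re

# Constructed sample source; every name is hypothetical, not Post Grid's code.
SAMPLE_PHP = r"""<?php
add_action('wp_ajax_nopriv_demo_grid_reset', 'demo_grid_reset');
function demo_grid_reset() {
    delete_option('demo_grid_settings');   // admin-only action, no checks
    wp_die();
}
add_action('wp_ajax_nopriv_demo_grid_more', 'demo_grid_more');
function demo_grid_more() {                 // public, read-only
    echo esc_html(get_option('demo_grid_title'));
    wp_die();
}
add_action('wp_ajax_nopriv_demo_grid_purge', 'demo_grid_purge');
function demo_grid_purge() {
    if (!current_user_can('manage_options')) { wp_die('', '', 403); }
    delete_option('demo_grid_cache');
    wp_die();
}
"""
# Assumed list of state-changing or dangerous calls worth a capability check.
SINKS = ("unlink", "unserialize", "delete_option", "update_option", "wp_delete_post")
NOPRIV_HOOK = re.compile(
    r"add_action\(\s*['\"]wp_ajax_nopriv_(\w+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(src, name):
    """Return the text between the braces of `function name(...) {...}`."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:      # naive brace matching, ignores strings
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """List (action, handler, sinks) reachable logged-out with no capability check."""
    findings = []
    for action, handler in NOPRIV_HOOK.findall(src):
        body = function_body(src, handler)
        sinks = [s for s in SINKS if re.search(r"\b" + s + r"\s*\(", body)]
        if sinks and "current_user_can(" not in body:
            findings.append((action, handler, sinks))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PHP))
```

Each finding is a prompt for manual review; handlers registered only on the logged-in `wp_ajax_` hook still need their own capability and nonce checks, which this pass does not cover.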