Vulnerability Description
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above to add, update or delete grid layouts. Subscriber is the lowest default WordPress role, so on any site that allows registration this is reachable by every registered account. CVE-2023-34014 appears to be a duplicate of this issue.
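The root cause described above is a common WordPress admin-ajax mistake: a `wp_ajax_{action}` hook fires for every logged-in user, and WordPress does no authorization on the caller's behalf, so a callback that writes or deletes settings without checking a capability is open to subscribers. The following is an added illustration written for this page, not code from the Grid Plus plugin: the plugin name `example-grid`, the action names, the option key and the nonce name are all assumptions chosen to mirror the pattern in the advisory. The first handler shows the vulnerable shape; the two below it show the hardened form.

```php
<?php
/**
 * Added illustration, not the Grid Plus plugin's own code.
 * Hypothetical plugin "example-grid": all function, action, option and
 * nonce names below are assumptions that mirror the advisory's pattern
 * (admin-ajax callbacks that save/delete layouts without a capability check).
 */

// --- Vulnerable pattern -------------------------------------------------
// wp_ajax_{action} runs for ANY authenticated user, subscriber included.
// WordPress only guarantees "is logged in"; authorization is the callback's
// job, and this callback never performs it.
add_action( 'wp_ajax_example_grid_save_layout', 'example_grid_save_layout_vulnerable' );
function example_grid_save_layout_vulnerable() {
    $layouts          = get_option( 'example_grid_layouts', array() );
    $name             = sanitize_key( $_POST['name'] ?? '' );
    $layouts[ $name ] = wp_unslash( $_POST['layout'] ?? '' );
    update_option( 'example_grid_layouts', $layouts ); // a subscriber can overwrite any layout
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------
add_action( 'wp_ajax_example_grid_save_layout_secure', 'example_grid_save_layout_secure' );
function example_grid_save_layout_secure() {
    // 1. CSRF: nonce tied to this action, issued to the admin page with
    //    wp_create_nonce( 'example_grid_nonce' ) and posted as "nonce".
    check_ajax_referer( 'example_grid_nonce', 'nonce' );

    // 2. Authorization: the check the advisory says is missing. Editing
    //    layouts is site configuration, so require manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    // 3. Input validation before touching stored data.
    $name = sanitize_key( $_POST['name'] ?? '' );
    if ( '' === $name ) {
        wp_send_json_error( 'Missing layout name', 400 );
    }
    $layout = json_decode( wp_unslash( $_POST['layout'] ?? '' ), true );
    if ( ! is_array( $layout ) ) {
        wp_send_json_error( 'Layout must be a JSON object', 400 );
    }

    $layouts          = get_option( 'example_grid_layouts', array() );
    $layouts[ $name ] = $layout;
    update_option( 'example_grid_layouts', $layouts );
    wp_send_json_success( array( 'saved' => $name ) );
}

add_action( 'wp_ajax_example_grid_delete_layout_secure', 'example_grid_delete_layout_secure' );
function example_grid_delete_layout_secure() {
    check_ajax_referer( 'example_grid_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }
    $name    = sanitize_key( $_POST['name'] ?? '' );
    $layouts = get_option( 'example_grid_layouts', array() );
    if ( ! isset( $layouts[ $name ] ) ) {
        wp_send_json_error( 'No such layout', 404 );
    }
    unset( $layouts[ $name ] );
    update_option( 'example_grid_layouts', $layouts );
    wp_send_json_success( array( 'deleted' => $name ) );
}
```

Two points worth keeping in mind when reviewing a plugin for this class of bug: a nonce check alone is not authorization (a subscriber who is shown the nonce on any page can replay it, so `check_ajax_referer` without `current_user_can` leaves the flaw in place), and the capability must match the sensitivity of the action rather than something every role has such as `read`. When auditing, `wp_send_json_error` with a 403 makes the authorization failure visible in the web server logs, which is useful for spotting probing against unpatched installs.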
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| G5Theme | Grid Plus | <= 1.3.2 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php (Issue Tracking)
- https://plugins.trac.wordpress.org/changeset/2992756/grid-plus#file1
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55 (Third Party Advisory)
FAQ
What is CVE-2023-5251?
CVE-2023-5251 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. Any authenticated user, subscriber or above, can add, update or delete grid layouts.
How severe is CVE-2023-5251?
CVE-2023-5251 has been rated MEDIUM with a CVSS base score of 5.4/10. The impact is limited to the integrity and availability of the plugin's grid layouts (adding, modifying or deleting them) and exploitation requires an authenticated account, but any role, including subscriber, is sufficient.
Is there a patch for CVE-2023-5251?
All versions up to and including 1.3.2 are affected, so upgrade Grid Plus to a release later than 1.3.2. The Grid Plus changeset linked in the references section is the relevant code change in the plugin's repository; see the Wordfence advisory there for further details. Affected products include: G5Theme Grid Plus.