Post Grid and Team Showcase Plugins Contain Vulnerabilities

In mid-September, security researchers at Wordfence (Defiant) uncovered two severe vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, developed by PickPlugins.

During the analysis, the team discovered almost identical vulnerabilities in Team Showcase, another plugin developed by the same author. Team Showcase has over 6,000 installations.

The good news is that the plugin developer released patches only a few hours after the flaws were disclosed to them.

Post Grid and Team Showcase Plugin Vulnerabilities

Post Grid allows users to display their posts in a grid layout, whereas Team Showcase displays an organization’s team members. Both plugins permitted the import of custom layouts through nearly identical functionality. Even though Post Grid didn’t use the vulnerable import function, it still contained the flawed code, which left it vulnerable.

The first flaw is a Stored Cross-Site Scripting (XSS) vulnerability. A logged-in attacker with minimal permissions could exploit it in both plugins by sending a specific AJAX request. Affected versions are Post Grid < 2.0.73 and Team Showcase < 1.22.16.

The second vulnerability, also present in both plugins, could lead to PHP Object Injection. The same layout functions posed this risk via the same method used in the cross-site scripting attack: the vulnerable functions unserialized the payload supplied in the source parameter. This flaw likewise required the attacker to have minimal privileges, such as the subscriber level. “However, sites using a plugin or theme that allowed unauthenticated visitors to execute arbitrary shortcodes would be vulnerable to unauthenticated attackers,” Wordfence says.
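Both flaws come down to the same two mistakes in an AJAX import handler: no authorization check beyond being logged in, and passing an untrusted `source` parameter to `unserialize()` and then rendering it. The following is an added illustration, not PickPlugins' code and not from the Wordfence write-up; all function, action and option names (`hypothetical_*`) are invented. It shows the general vulnerable pattern for contrast, followed by a hardened handler that a plugin author would write instead.

```php
<?php
// Added illustration (not the plugins' real code). Names prefixed hypothetical_ are invented.

// VULNERABLE PATTERN (shown for contrast only; deliberately NOT registered with add_action):
// any authenticated user reaches the handler, and the 'source' parameter goes straight
// into unserialize() and then into a stored layout that is later rendered unescaped.
function hypothetical_layout_import_vulnerable() {
    $layout = unserialize( wp_unslash( $_POST['source'] ) ); // PHP Object Injection
    update_option( 'hypothetical_layout', $layout );         // stored, rendered later -> Stored XSS
    wp_send_json_success();
}

// HARDENED VERSION of the same import handler.
function hypothetical_layout_import_secure() {
    // 1. CSRF protection: the request must carry a nonce minted for this exact action.
    check_ajax_referer( 'hypothetical_import_layout', 'nonce' );

    // 2. Authorization: importing layouts is an administrative task, not a subscriber one.
    //    Being logged in is not a capability; check for one explicitly.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Never unserialize() data supplied by a request. Accept JSON instead and decode it
    //    to plain arrays, which cannot instantiate arbitrary PHP classes.
    $raw    = isset( $_POST['source'] ) ? wp_unslash( $_POST['source'] ) : '';
    $layout = json_decode( $raw, true );
    if ( ! is_array( $layout ) ) {
        wp_send_json_error( 'invalid layout', 400 );
    }

    // 4. Whitelist the structure and sanitize every value before it is stored.
    //    wp_kses_post() removes <script> tags and on* event handlers while keeping
    //    the ordinary markup a layout needs.
    $clean = array();
    foreach ( $layout as $key => $value ) {
        $clean[ sanitize_key( $key ) ] = is_string( $value ) ? wp_kses_post( $value ) : '';
    }

    update_option( 'hypothetical_layout', $clean );
    wp_send_json_success();
}
add_action( 'wp_ajax_hypothetical_import_layout', 'hypothetical_layout_import_secure' );

// 5. Escape on output as well: stored data is re-sanitized when rendered, so a value that
//    reached the database by some other path still cannot execute in a visitor's browser.
function hypothetical_render_layout_field( $key ) {
    $layout = get_option( 'hypothetical_layout', array() );
    echo isset( $layout[ $key ] ) ? wp_kses_post( $layout[ $key ] ) : '';
}
```

If a plugin genuinely must keep a serialized format for backward compatibility, `unserialize( $data, array( 'allowed_classes' => false ) )` (PHP 7+) prevents object instantiation and is the minimum fix for the injection half of the problem, but it does nothing for the XSS half, which still needs the capability check, sanitization on input and escaping on output shown above.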


How to stay protected?
If your WordPress site uses either of these plugins, you should update to the latest versions immediately. Currently, the latest Post Grid version is 2.0.73, whereas the newest version of Team Showcase is 1.22.16.

If you need more technical details about the flaws, you can refer to the original findings.

Researched and written by:
HowToHosting Editors