The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.


https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5251
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.
2023-10-30T14:15:09Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5251