CVE-2021-24986 | HackTesting

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form

Credits

JrXnm

References

https://wpscan.com/vulnerability/51e57f25-b8b2-44ca-9162-d7328eac64eb