2023-10-30 13:49:02
Wordfence
PUBLISHED
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the grid_plus_save_layout_callback and grid_plus_delete_callback functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.