cleantalk
Vulnerabilities and Security Researches

Grid Plus – Unlimited grid layout, CVE-2023-5250

CVE, Research URL

CVE-2023-5250

Home page URL

Security reports for Grid Plus – Unlimited grid layout

Application

Grid Plus – Unlimited grid layout

Published on
Oct 30, 2023
Research Description
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files.
Affected versions
max 1.3.4.
Status
vulnerable
Previous vulnerability researches
Grid Plus – Unlimited grid layout (CVE-2023-5251) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2023-46209) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2023-5250) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2025-53352) , Nov 10, 2025
Grid Plus – Unlimited grid layout (CVE-2023-34014) , Dec 18, 2024
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025