cleantalk
Vulnerabilities and Security Researches

Grid Plus – Unlimited grid layout, CVE-2023-5251

CVE, Research URL

CVE-2023-5251

Home page URL

Security reports for Grid Plus – Unlimited grid layout

Application

Grid Plus – Unlimited grid layout

Published on
Oct 30, 2023
Research Description
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.
Affected versions
max 1.3.3.
Status
vulnerable
Previous vulnerability researches
Grid Plus – Unlimited grid layout (CVE-2023-5251) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2023-46209) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2023-5250) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2025-53352) , Nov 10, 2025
Grid Plus – Unlimited grid layout (CVE-2023-34014) , Dec 18, 2024
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025