cleantalk
Vulnerabilities and Security Researches

Grid Plus – Unlimited grid layout, CVE-2024-10910

CVE, Research URL

CVE-2024-10910

Home page URL

Security reports for Grid Plus – Unlimited grid layout

Application

Grid Plus – Unlimited grid layout

Published on
Dec 12, 2024
Research Description
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
max 1.3.5.
Status
vulnerable
Previous vulnerability researches
Grid Plus – Unlimited grid layout (CVE-2023-5251) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2023-46209) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2023-5250) , Jun 07, 2024
Grid Plus – Unlimited grid layout (CVE-2025-53352) , Nov 10, 2025
Grid Plus – Unlimited grid layout (CVE-2023-34014) , Dec 18, 2024
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025