cleantalk
Vulnerabilities and Security Researches

Cinza Grid, CVE-2025-11824

CVE, Research URL

CVE-2025-11824

Home page URL

Security reports for Cinza Grid

Application

Cinza Grid

Published on
Oct 22, 2025
Research Description
The Cinza Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cgrid_skin_content' post meta field in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Team 118GROUP Agent (CVE-2025-23512) , Jan 21, 2025
New vulnerability
Video Gallery by Huzzaz (CVE-2025-62910) , Nov 10, 2025
Export Categories (CVE-2025-62922) , Nov 10, 2025
Custom CSS (CVE-2025-48096) , Nov 10, 2025
Task Scheduler (CVE-2025-10056) , Nov 10, 2025
Links shortcode (CVE-2025-62898) , Nov 10, 2025