VYPR
Unrated severity · NVD Advisory · Published Jul 16, 2013 · Updated Apr 29, 2026

CVE-2013-4117

Description

Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in WordPress Category Grid View Gallery plugin 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

Vulnerability

The Category Grid View Gallery plugin version 2.3.1 for WordPress contains a cross-site scripting (XSS) vulnerability in the file includes/CatGridPost.php. The ID parameter is not properly sanitized before being output, allowing injection of arbitrary web script or HTML [1][2]. Older versions are likely also affected.

Exploitation

An attacker can exploit this vulnerability by crafting a URL with a malicious payload in the ID parameter. For example: http://example.com/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cimg%20src=%22http://%22%20onerror=alert%28document.cookie%29;%3E. No authentication or user interaction is required beyond the victim visiting the crafted link [2].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, cookie theft, defacement, or other malicious actions [1][2].

Mitigation

As of the disclosure date (July 2013), no official fix has been released by the plugin author [1]. Users are advised to remove or disable the plugin until a patch becomes available, or to manually sanitize the ID parameter in the plugin code. The plugin may be considered abandoned and should be replaced with an alternative.
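One way to review web server logs for requests that reached the affected script with a non-numeric ID value, as an added example that is not part of the advisory or the plugin. It assumes combined-format access logs and that a legitimate ID is a plain decimal integer (the advisory's sample value is 44); the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the affected script, as given in the advisory.
VULN_PATH = "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"

# Assumption: a legitimate ID is a plain decimal integer (the advisory's sample uses 44).
VALID_ID = re.compile(r"[0-9]{1,10}")

# Matches the request line inside a combined-format access log entry.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_id_values(request_target):
    """Return decoded ID values that are not plain integers, for requests to the affected script."""
    parts = urlsplit(request_target)
    if not parts.path.endswith(VULN_PATH):
        return []
    # parse_qs percent-decodes values; keep_blank_values so an empty "ID=" is reported too.
    values = parse_qs(parts.query, keep_blank_values=True).get("ID", [])
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan_access_log(lines):
    """Return (line_number, bad_values) for log lines carrying a non-numeric ID parameter."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_LINE.search(line)
        if m:
            bad = suspicious_id_values(m.group(1))
            if bad:
                hits.append((n, bad))
    return hits


# Constructed sample log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2013:10:00:00 +0000] "GET /wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44 HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jul/2013:10:00:05 +0000] "GET /wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=44%22%3E%3Cb%3Ex HTTP/1.1" 200 530',
    '203.0.113.4 - - [16/Jul/2013:10:00:09 +0000] "GET /index.php?ID=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, bad in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: non-numeric ID value(s): {bad}")
```

The same integer-only rule is what a manual fix in the plugin would enforce before the value is written into the page.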

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:anshul_sharma:category-grid-view-gallery:2.3.1:*:*:*:*:*:*:*
  • (no CPE) range: = 2.3.1

Patches

0

No patches discovered yet.

References

7
