G5theme Grid Plus
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in G5theme Grid Plus.
By the Year
In 2026 there have been 0 vulnerabilities in G5theme Grid Plus. Last year, in 2025 Grid Plus had 1 security vulnerability published. Right now, Grid Plus is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.10 |
| 2024 | 1 | 0.00 |
| 2023 | 3 | 6.77 |
It may take a day or so for new Grid Plus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent G5theme Grid Plus Security Vulnerabilities
G5Theme Grid Plus <=3.3 Reflected XSS in grid-plus
CVE-2025-53352
7.1 - High
- October 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Grid Plus grid-plus allows Reflected XSS.This issue affects Grid Plus: from n/a through <= 3.3.
XSS
Grid Plus <=1.3.2 Unauth Access Control Bypass
CVE-2023-34014
- December 13, 2024
Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2.
AuthZ
Grid Plus WP Plugin 1.3.2: Auth Mod/Del via missing cap check
CVE-2023-5251
5.4 - Medium
- October 30, 2023
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. CVE-2023-34014 appears to be a duplicate of this issue.
AuthZ
Grid Plus WP Plugin 1.3.2 LFI via Shortcode Attribute PHP Code Execution
CVE-2023-5250
8.8 - High
- October 30, 2023
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included.
Remote file include
Unauth XSS in G5Theme Grid Plus <=1.3.2 (WP plugin)
CVE-2023-46209
6.1 - Medium
- October 27, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus Unlimited grid plugin <= 1.3.2 versions.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for G5theme Grid Plus or by G5theme? Click the Watch button to subscribe.
