YMC Filter & Grids
Moderate fix1 remedy
cpe:2.3:a:ymc-22:filter_&_grids:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 3.2.0
WordPress Filter & Grids Plugin SQL Injection Vulnerability
Vulnerability
Patched
A SQL injection vulnerability has been identified in the Filter & Grids plugin for WordPress, affecting all versions through 3.2.0. The issue arises from inadequate escaping of user-supplied data in the 'phrase' parameter, allowing unauthenticated attackers to inject additional SQL queries. This vulnerability is exploitable on MariaDB, where the injected queries can be used to extract sensitive information from the database; on MySQL, the injection leads to a syntax error.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries to access or modify database information. In this case, it could be used to extract sensitive data from the database.
Reproduction
To reproduce this vulnerability, send a request to a WordPress site with the Filter & Grids plugin installed, using the 'phrase' parameter. The injection will be successful if the site is using MariaDB and the plugin version is 3.2.0 or earlier.
Remediation
Users are advised to update the Filter & Grids plugin to version 3.2.1 or later.
Added: Dec 13, 2025, 5:31 PM
Updated: Dec 13, 2025, 5:31 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
2.5exploitability
9.3remediation
7.7relevance
1.4threat
4.8urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.