CVE-2021-24488: 
WordPress vulnerability analysis and mitigation

The Post Grid WordPress plugin before version 2.1.8 contained a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24488. The vulnerability was discovered in the slider import search feature and tab parameter of the plugin settings, which were not properly sanitized before being output back in the pages (WPScan).

The vulnerability was classified as a Cross-Site Scripting (XSS) issue with a CVSS score of 7.1 (high severity) and mapped to CWE-79. The issue was partially addressed in version 2.1.4, which still allowed arbitrary attributes to be injected. Version 2.1.5 removed much of the escaping implemented in 2.1.4, and proper security measures were finally implemented in version 2.1.8 (WPScan).

The vulnerability could allow attackers to execute arbitrary JavaScript code in the context of other users' browsers who access the affected pages, potentially leading to unauthorized access to sensitive information or manipulation of the website's content (WPScan).

The vulnerability was fully patched in Post Grid version 2.1.8. Users were advised to update to this version or later to protect against potential XSS attacks (WPScan).