CVE-2025-5084

Severity: 6.1 MEDIUM

📋 TL;DR

The Post Grid Master WordPress plugin has a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the 'read_more_text' parameter. This affects all WordPress sites using the plugin up to version 3.4.13. Attackers can steal session cookies, redirect users, or perform actions on their behalf by tricking them into clicking a malicious link.

💻 Affected Systems

Products:
  • Post Grid Master (Ajax Filter Posts) WordPress Plugin
Versions: All versions up to and including 3.4.13
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full control of WordPress site, install backdoors, deface website, or pivot to internal network.

🟠 Likely Case

Attackers steal user session cookies, redirect to phishing pages, or perform limited actions as the victim user.

🟢 If Mitigated

Attack blocked by a web application firewall or browser XSS protections; minimal impact when proper security headers are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires social engineering to trick users into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.14 or later

Vendor Advisory: https://wordpress.org/plugins/ajax-filter-posts/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Ajax Filter Posts' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Web Application Firewall Rule (applies to: all)

Block requests containing malicious script patterns in the 'argsArray' parameter

Content Security Policy (applies to: all)

Implement strict CSP headers to prevent script execution from untrusted sources

🧯 If You Can't Patch

  • Deactivate and remove the Post Grid Master plugin immediately
  • Implement strict Content Security Policy headers and web application firewall rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for 'Ajax Filter Posts' version 3.4.13 or earlier

Check Version:

wp plugin list --name='ajax-filter-posts' --field=version

Verify Fix Applied:

Verify plugin version is 3.4.14 or later in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with 'argsArray' parameter containing script tags or JavaScript code
  • Unusual GET parameters with encoded script payloads

Network Indicators:

  • Requests to WordPress pages with suspicious 'argsArray' parameters
  • Outbound connections to attacker-controlled domains after XSS payload execution

SIEM Query:

source="web_logs" AND (uri="*argsArray*" AND (uri="*<script*" OR uri="*javascript:*" OR uri="*onload=*" OR uri="*onerror=*"))
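The SIEM query above matches raw substrings in the URI, so a payload that arrives percent-encoded (or double-encoded, as the "encoded script payloads" indicator notes) slips past it. The following offline checker is an added example, not part of this advisory or the plugin's code: it parses a simplified access-log line, URL-decodes the query string in layers, and flags the 'argsArray' and 'read_more_text' parameters named on this page when they carry the same script indicators the query looks for. The log layout, sample lines and client addresses are constructed for the example.

```python
"""Offline check for CVE-2025-5084-style reflected XSS attempts in web logs.

Added example, not part of the original advisory. It mirrors the SIEM query
on this page but URL-decodes the query string first, so encoded payloads that
a plain substring match would miss are still flagged. The log format and the
sample lines are constructed; the parameter names come from the advisory.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory names as the injection point / log indicator.
WATCHED_PARAMS = ("argsArray", "read_more_text")

# Same indicators as the SIEM query, generalised to any on*= handler.
# Deliberately broad: it can also match benign words such as "button=",
# so treat hits as triage candidates, not confirmed attacks.
XSS_PATTERNS = re.compile(r"<script|javascript:|on\w+\s*=", re.IGNORECASE)

# Constructed sample lines in a simplified layout: client-ip method uri status
SAMPLE_LOG = """\
203.0.113.5 GET /?argsArray[read_more_text]=Read+more 200
203.0.113.7 GET /blog/?argsArray[read_more_text]=%3Cscript%3Ealert(1)%3C%2Fscript%3E 200
203.0.113.9 GET /blog/?read_more_text=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E 200
198.51.100.2 GET /wp-admin/admin-ajax.php?action=heartbeat 200
198.51.100.3 GET /?argsArray=%7B%22read_more_text%22%3A%22javascript%3Aalert(1)%22%7D 200
"""

LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3})$")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo up to max_rounds layers of percent-encoding (double-encoding is common)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(uri: str) -> dict:
    """Return {param_name: decoded_value} for watched params carrying XSS indicators."""
    query = urlsplit(uri).query
    hits = {}
    # parse_qs already strips one encoding layer; fully_decode handles the rest.
    for raw_name, values in parse_qs(query, keep_blank_values=True).items():
        name = fully_decode(raw_name)
        # argsArray[read_more_text]=... keeps the bracketed key; match on the prefix.
        if not any(name == p or name.startswith(p + "[") for p in WATCHED_PARAMS):
            continue
        for v in values:
            decoded = fully_decode(v)
            if XSS_PATTERNS.search(decoded):
                hits[name] = decoded
    return hits


def scan_log(text: str) -> list:
    """Return (client_ip, uri, hits) for each log line with a suspicious watched param."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["uri"])
        if hits:
            findings.append((m["ip"], m["uri"], hits))
    return findings


if __name__ == "__main__":
    for ip, uri, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {uri}\n    {hits}")
```

Run against the constructed sample, the first line (a legitimate "Read more" label) and the unrelated admin-ajax request are ignored, while the single-encoded, double-encoded and JSON-wrapped payloads are all reported. To use it on real logs, replace LOG_RE with a pattern for your server's access-log format and feed the file contents to scan_log.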
