Combo Blocks < 2.2.76 - Improper Access Control

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts id:...

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin = 2.2.80 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...

WordPress Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Block Attribute vulnerability discovered by stealthcopter in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...

EUVD-2024-17704

Malicious code in bioql PyPI...

WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.89...

CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

WordPress Combo Blocks plugin <= 2.2.85a - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.85a...

CVE-2024-4042

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

CVE-2024-4042

CVE-2024-4042 affects the WordPress plugins Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks. It is a Stored Cross-Site Scripting via the menu-wrap-item block attribute, caused by insufficient input sanitization/output escaping, in all versions up ...

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

WordPress plugin Combo Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin Combo Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-24136 · WordPress · Post Blocks +5

Name of the Vulnerable Software and Affected Versions: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 Description: The issue is related to Stored Cross-Site Scripting due to insufficient...

CVE-2024-32816 WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78...

CVE-2024-32816 WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78...

WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Sensitive Data Exposure via API vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.78...

WordPress Combo Blocks plugin < 2.2.76 - Unauthenticated Password Protected Posts Access vulnerability

Unauthenticated Password Protected Posts Access vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Post Grid and Gutenberg Blocks versions 2.2.76...

CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

WordPress plugin Combo Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...