CVE-2026-0718

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVE-2026-24370 WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through 2.8.0...

CVE-2026-24369 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...

CVE-2026-24369 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...

CVE-2026-24370

The CVE-2026-24370 refers to a Stored XSS in WordPress The Grid plugin prior to version 2.8.0, caused by improper neutralization of input during web page generation. Affected component: The Grid (

CVE-2026-24369

Summary (CVE-2026-24369) The WordPress The Grid plugin, prior to version 2.8.0, contains a Missing Authorization vulnerability caused by incorrectly configured access control security levels. This is described as a Broken Access Control issue, potentially enabling unauthorized access to protected...

CVE-2026-24370 WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through 2.8.0...

WordPress plugin The Grid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

WordPress plugin The Grid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin The Grid versions 2.8.0...

CVE-2026-1273

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin The Grid versions 2.8.0...

CVE-2026-24368

CVE-2026-24368 describes a Missing Authorization vulnerability in the WordPress plugin The Grid (the-grid) prior to version 2.8.0. The issue—named in multiple sources (NVD, CVE listing, Patchstack, and RH/EUVD mirroring)—is a broken access control that could allow unauthorized access or actions d...

CVE-2026-24368 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...

CVE-2026-24368 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...

WordPress plugin The Grid has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2022-0447

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...

WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by zaim in WordPress Plugin Post Grid, Slider & Carousel Ultimate versions = 1.6.10...

EUVD-2025-204648

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/getdynamiccontent/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible...