Lucene search
K

225 matches found

Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.3 views

PT-2024-34219 · Postx · Postx

Name of the Vulnerable Software and Affected Versions: PostX versions prior to 4.1.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions prior t...

6.5CVSS5.3AI score0.00254EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/10/28 12:0 a.m.11 views

WordPress PostX Plugin <= 4.1.15 is vulnerable to Cross Site Scripting (XSS)

Software PostX Type Plugin Vulnerable versions = 4.1.15 Fixed in 4.1.16 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50513 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 43389f55b268 Credits Hwang Se-yeon Required privilege Author...

5.9CVSS6.5AI score0.00377EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.5 views

WordPress plugin PostX 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.5CVSS6AI score0.00254EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/24 9:43 a.m.4 views

WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0tter Patchstack Alliance in WordPress Plugin PostX versions = 4.1.12...

6.5CVSS6.1AI score0.00254EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.8 views

WordPress PostX Plugin <= 4.1.12 is vulnerable to Cross Site Scripting (XSS)

Software PostX Type Plugin Vulnerable versions = 4.1.12 Fixed in 4.1.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50443 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d794e4665795 Credits Hwang Se-yeon Required privilege Contributor...

6.5CVSS6.5AI score0.00254EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/17 6:0 a.m.15 views

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...

6.1AI score0.0043EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/17 6:0 a.m.40 views

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...

0.0043EPSS
Exploits2References1
NVD
NVD
added 2024/06/09 9:15 a.m.19 views

CVE-2024-31246

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...

8.8CVSS0.00336EPSS
Exploits0References2
CVE
CVE
added 2024/06/09 8:55 a.m.57 views

CVE-2024-31246

CVE-2024-31246 is a Missing Authorization vulnerability in PostX – Gutenberg Blocks for Post Grid (Post Grid Team by WPXPO). Affected: PostX – Gutenberg Blocks for Post Grid, versions up to and including 3.2.3 (n/a–3.2.3). Root cause: missing authorization allows unauthorized access/modification ...

8.8CVSS7.2AI score0.00336EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/06/09 8:55 a.m.26 views

CVE-2024-31246 WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...

5.4CVSS0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.9 views

WordPress plugin PostX - Gutenberg Blocks for Post Grid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.8AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/09 12:0 a.m.4 views

PT-2024-23888 · Wpxpo · Postx – Gutenberg Blocks For Post Grid

Name of the Vulnerable Software and Affected Versions: PostX – Gutenberg Blocks for Post Grid versions 3.2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in Post Grid Team by WPXPO. This vulnerability affects PostX – Gutenberg Blocks for Post Grid...

8.8CVSS9.2AI score0.00336EPSS
Exploits0References5
NVD
NVD
added 2024/06/08 7:15 a.m.20 views

CVE-2024-5758

Rejected reason: REJECT Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead...

Exploits1
CVE
CVE
added 2024/06/08 6:54 a.m.53 views

CVE-2024-5758

CVE-2024-5758 is a duplicate of CVE-2024-4305 and its entry is not active on its own. The connected documentation for CVE-2024-4305 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin, affecting versions prior to 4.1.0...

6.4AI score
Exploits1
Cvelist
Cvelist
added 2024/06/08 6:54 a.m.21 views

CVE-2024-5758

...

Exploits1
Vulnrichment
Vulnrichment
added 2024/06/08 6:54 a.m.15 views

CVE-2024-5758

...

6.6AI score
Exploits1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.12 views

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.0 - Authenticated (Contributor+) Stored Cross=Site Scripting

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it...

5.9AI score0.0043EPSS
Exploits2References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/06/07 12:0 a.m.9 views

The vulnerability of the postx_presets_callback() function in the PostX plugin of the WordPres content management system allows a hacker to escalate their privileges and gain access to read, modify, or delete data.

The vulnerability of the postxpresetscallback function in the PostX plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and gain access to read, modify,...

9CVSS5.5AI score0.01426EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2024/05/30 11:15 a.m.34 views

CVE-2024-5326

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...

8.8CVSS8.4AI score0.01426EPSS
Exploits1References4
NVD
NVD
added 2024/05/30 4:15 a.m.23 views

CVE-2024-5223

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.9AI score0.00326EPSS
Exploits0References3
Rows per page
Query Builder