225 matches found
PT-2024-34219 · Postx · Postx
Name of the Vulnerable Software and Affected Versions: PostX versions prior to 4.1.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions prior t...
WordPress PostX Plugin <= 4.1.15 is vulnerable to Cross Site Scripting (XSS)
Software PostX Type Plugin Vulnerable versions = 4.1.15 Fixed in 4.1.16 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50513 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 43389f55b268 Credits Hwang Se-yeon Required privilege Author...
WordPress plugin PostX 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0tter Patchstack Alliance in WordPress Plugin PostX versions = 4.1.12...
WordPress PostX Plugin <= 4.1.12 is vulnerable to Cross Site Scripting (XSS)
Software PostX Type Plugin Vulnerable versions = 4.1.12 Fixed in 4.1.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50443 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d794e4665795 Credits Hwang Se-yeon Required privilege Contributor...
CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...
CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...
CVE-2024-31246
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...
CVE-2024-31246
CVE-2024-31246 is a Missing Authorization vulnerability in PostX – Gutenberg Blocks for Post Grid (Post Grid Team by WPXPO). Affected: PostX – Gutenberg Blocks for Post Grid, versions up to and including 3.2.3 (n/a–3.2.3). Root cause: missing authorization allows unauthorized access/modification ...
CVE-2024-31246 WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...
WordPress plugin PostX - Gutenberg Blocks for Post Grid security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-23888 · Wpxpo · Postx – Gutenberg Blocks For Post Grid
Name of the Vulnerable Software and Affected Versions: PostX – Gutenberg Blocks for Post Grid versions 3.2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in Post Grid Team by WPXPO. This vulnerability affects PostX – Gutenberg Blocks for Post Grid...
CVE-2024-5758
Rejected reason: REJECT Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead...
CVE-2024-5758
CVE-2024-5758 is a duplicate of CVE-2024-4305 and its entry is not active on its own. The connected documentation for CVE-2024-4305 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin, affecting versions prior to 4.1.0...
CVE-2024-5758
...
CVE-2024-5758
...
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.0 - Authenticated (Contributor+) Stored Cross=Site Scripting
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it...
The vulnerability of the postx_presets_callback() function in the PostX plugin of the WordPres content management system allows a hacker to escalate their privileges and gain access to read, modify, or delete data.
The vulnerability of the postxpresetscallback function in the PostX plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and gain access to read, modify,...
CVE-2024-5326
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...
CVE-2024-5223
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...