9 matches found
CVE-2024-29925
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6...
CVE-2025-24782
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10...
CVE-2024-13409 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler function. This makes it possible for...
CVE-2024-29925
Technical details about CVE-2024-29925 (affected product/version, root cause, impact, and fix) are not provided in the supplied documents; monitor for updates.
WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS)
Software: Post Grid, Slider & Carousel Ultimate; Type: Plugin; Vulnerable versions: <= 1.6.6; Fixed in: 1.6.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29925; Patch priority: Low; CVSS severity: Low (6.5); PSID: e415424c3ca8; Credits: LVT-tholv2k...
Deserialization of untrusted data
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it...
CVE-2024-2006
CVE-2024-2006 affects the WordPress plugin Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget, up to version 1.6.7. Description: PHP Object Injection via deserialization of untrusted input in outpost_shortcode_metabox_markup, exploitable by authenticated us...
WordPress plugin Post Grid, Slider & Carousel Ultimate cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugin is an application plugin. WordPress Post Grid, Slider...
Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS
The plugin does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create a new Grid/Carousel, in the General Settings, enable "Display Header Title" and put the...