CVE-2026-3017 Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...

CVE-2026-3017 Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...

CVE-2026-3017

The CVE-2026-3017 entry concerns the WordPress plugin Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts, affected up to version 3.0.12. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the import_shortcodes() function. With Administr...

WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection vulnerability

WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin = 3.0.12 - Authenticated Administrator+ PHP Object Injection vulnerability discovered by Vilaysone CHANTHAVONG 0xJ0cKkY - Cyberus Technologies in WordPress Plugin Post Grid, Post Carousel, & List Categor...

WordPress plugin Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-32562

Malicious code in bioql PyPI...

CVE-2024-3996

The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3996

The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3996 Post Grid, Post Carousel, & List Category Posts < 2.4.28 - Editor+ Stored XSS

The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3996 Post Grid, Post Carousel, & List Category Posts < 2.4.28 - Editor+ Stored XSS

The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8187

The CVE-2024-8187 entry affects the Smart Post Show WordPress plugin (versions

CVE-2024-8187 Smart Post Show <= 3.0.0 - Editor+ Stored XSS

The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8187 Smart Post Show <= 3.0.0 - Editor+ Stored XSS

The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Smart Post Show 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin Smart Post Show 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2025-21472 · WordPress · Smart Post Show

Name of the Vulnerable Software and Affected Versions: The Smart Post Show WordPress plugin versions prior to 2.4.28 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

PT-2025-21515 · WordPress · Smart Post Show

Name of the Vulnerable Software and Affected Versions: Smart Post Show WordPress plugin versions prior to 3.0.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed...

WordPress Smart Post Show plugin <= 3.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Pagination Color vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Post Grid, Post Carousel, & List Category Posts – by Smart Post Show versions = 3.0.0...

WordPress Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Plugin < 2.4.19 is vulnerable to Cross Site Scripting (XSS)

Software Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Type Plugin Vulnerable versions 2.4.19 Fixed in 2.4.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0097 Patch priority Medium CVSS severity Medium 6.5 Developer Claim...

Post Grid, Post Carousel, & List Category Posts < 2.4.19 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Smart Post Sho...