14 matches found

CVE
added 2025/12/18 4:15 p.m. · 6 views

CVE-2025-66058

Summary: CVE-2025-66058 reports a Missing Authorization vulnerability in the WordPress plugin “Post Grid and Gutenberg Blocks” affecting versions up to 2.3.17, caused by broken access control. The CVSSv3.1 base score is 6.5 (Medium) with network attack vector, low attack complexity, and no user i...

6.5 CVSS · 5.9 AI score · 0.00038 EPSS
Exploits 0 · References 1

Cvelist
added 2025/12/18 4:15 p.m. · 21 views

CVE-2025-66058 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17...

6.5 CVSS · 0.00038 EPSS
Exploits 0 · References 1

Cvelist
added 2025/10/27 1:33 a.m. · 5 views

CVE-2025-62924 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17...

6.5 CVSS · 0.00063 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/10/27 12:0 a.m. · 2 views

PT-2025-43801

Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17...

8.8 CVSS · 7 AI score · 0.00063 EPSS
Exploits 0 · References 2

Patchstack
added 2025/10/04 2:44 p.m. · 3 views

WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.3.17...

6.5 CVSS · 7 AI score · 0.00038 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2025/06/19 3:26 p.m. · 5 views

WordPress Firelight Lightbox plugin <= 2.3.16 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Firelight Lightbox versions <= 2.3.16...

6.5 CVSS · 6 AI score · 0.00143 EPSS
Exploits 0 · Affected Software 1

Prion
added 2023/05/30 8:15 p.m. · 11 views

SQL injection

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...

4 CVSS · 6.8 AI score · 0.00498 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/05/30 7:55 p.m. · 14 views

CVE-2023-33178 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...

6.5 CVSS · 7 AI score · 0.00498 EPSS
Exploits 0 · References 5

Cvelist
added 2023/05/30 7:55 p.m. · 10 views

CVE-2023-33178 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...

6.5 CVSS · 6.9 AI score · 0.00498 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/05/30 12:0 a.m. · 2 views

PT-2023-24193 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 2.3.17; Xibo versions prior to 3.3.5. Description: A path traversal vulnerability exists in the Xibo CMS, allowing a specially crafted zip file to be uploaded via the layout import function by an authenticated user. This...

8.8 CVSS · 8.9 AI score · 0.13271 EPSS
Exploits 3 · References 9

SUSE CVE
added 2023/02/15 5:42 a.m. · 2 views

SUSE CVE-2013-0276

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...

4.3 CVSS · 6.9 AI score · 0.00606 EPSS
Exploits 1 · References 6

CNVD
added 2017/06/26 12:0 a.m. · 1 views

OpenVPN Denial of Service Vulnerability (CNVD-2017-14886)

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

7.5 CVSS · 6.5 AI score · 0.00178 EPSS
Exploits 0 · References 1

CNVD
added 2017/06/22 12:0 a.m. · 1 views

OpenVPN Server-Side Denial of Service Vulnerability

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

5.9 CVSS · 6.6 AI score · 0.00539 EPSS
Exploits 0 · References 1

OSV
added 2017/06/21 12:0 a.m. · 1 views

UBUNTU-CVE-2017-7508

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet...

7.5 CVSS · 7 AI score · 0.00178 EPSS
Exploits 0 · References 5