21 matches found
CVE-2026-49054
CVE-2026-49054 concerns WordPress plugin The Post Grid (versions up to 7.9.2). The issue is a Missing Authorization / Broken Access Control vulnerability caused by misconfigured access control logic, allowing unauthorized access where restrictions should apply. Public sources in the connected rec...
WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.2.80...
CVE-2025-68605 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23...
CVE-2025-63043
CVE-2025-63043 is an IDOR-by-auth bypass in the WordPress Post Grid and Gutenberg Blocks plugin (versions up to 2.3.19 as reported). The vulnerability arises from authorization by a user-controlled key, enabling access control bypass to restricted objects. Several connected sources confirm the af...
CVE-2025-66058 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17...
CVE-2025-62924 WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17...
CVE-2025-62924
CVE-2025-62924 is a Missing Authorization vulnerability affecting the WordPress plugin Post Grid and Gutenberg Blocks (Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry) up to version 2.3.17. The available sources describe a broken access control vulnerability enabling unauthori...
WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.3.17...
CVE-2024-13796
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API. This makes it possible for unauthenticated attackers to extract sensitive data includin...
WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.92 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.2.92...
WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.2.93...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.93 is vulnerable to Cross Site Scripting (XSS)
Software: Post Grid and Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.2.93; Fixed in: 2.2.94; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50432; Patch priority: Low; CVSS severity: Low 6.5; PSID: cc84fa172af9; Credits: João Pedro S Alcântar...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.90 is vulnerable to Privilege Escalation
Software: Post Grid and Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.2.90; Fixed in: 2.2.91; OWASP Top 10: A4: Insecure Design; Classification: Privilege Escalation; CVE: CVE-2024-8253; Patch priority: High; CVSS severity: High 8.8; PSID: 751ae97fca06; Credits: wesley wcraft...
WordPress Post Grid Master Plugin <= 3.4.10 is vulnerable to Cross Site Scripting (XSS)
Software: Post Grid Master; Type: Plugin; Vulnerable versions: <= 3.4.10; Fixed in: 3.4.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43156; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0d887b01a498; Credits: Dimas Maulana; Required...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.85a is vulnerable to Cross Site Scripting (XSS)
Software: Post Grid and Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.2.85a; Fixed in: 2.2.86; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6346; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0a3eb3d1bba0; Credits...
WordPress Post Grid plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.2.80...
WordPress Post Grid Master Plugin <= 3.4.12 is vulnerable to Cross Site Scripting (XSS)
Software: Post Grid Master; Type: Plugin; Vulnerable versions: <= 3.4.12; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34390; Patch priority: Low; CVSS severity: Low 6.5; PSID: 6ac8a85df075; Credits: Yudistira Arya; Required privilege...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure
Software: Post Grid and Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.2.78; Fixed in: 2.2.79; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-32816; Patch priority: High; CVSS severity: High 7.5; PSID: 4274dff100bf; Credits: Peng Zho...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.64 is vulnerable to Cross Site Scripting (XSS)
Software: Post Grid and Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.2.64; Fixed in: 2.2.65; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6645; Patch priority: Low; CVSS severity: Low 6.5; PSID: d1fd7cc48237; Credits...