155 matches found
CVE-2024-3635
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high-privilege users such as Editors and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
WordPress The Post Grid Plugin < 7.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: The Post Grid · Type: Plugin · Vulnerable versions: < 7.5.0 · Fixed in: 7.5.0 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross-Site Scripting (XSS) · CVE: CVE-2024-3635 · Patch priority: Low · CVSS severity: Low (6.5) · Developer: Mamunur Rashid · PSID: e1b0ed6ba0a7 · Credits: Dmitrii Ignatyev · Required...
PT-2024-26959 · WordPress · Post Grid
Name of the Vulnerable Software and Affected Versions: The Post Grid WordPress plugin, versions prior to 7.5.0. Description: The issue allows high-privilege users, such as Editors and above, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...
CVE-2024-7418 The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers,...
CVE-2024-7418
CVE-2024-7418 affects The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid (WordPress). It enables Sensitive Information Exposure via the post_query_guten and post_query functions. Exploitation requires authentication at contributor level or higher to access non-public po...
WordPress The Post Grid plugin <= 7.7.11 - Authenticated (Contributor+) Information Disclosure vulnerability
Authenticated (Contributor+) Information Disclosure vulnerability discovered by stealthcopter in the WordPress plugin The Post Grid, versions <= 7.7.11...
WordPress The Post Grid Plugin <= 7.7.4 is vulnerable to Broken Access Control
Software: The Post Grid · Type: Plugin · Vulnerable versions: <= 7.7.4 · Fixed in: 7.7.5 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-37483 · Patch priority: Low · CVSS severity: Low (5.4) · Developer: Mamunur Rashid · PSID: 74cdae3737f6 · Credits: Rafie Muhammad (Patchstack) · Requir...
CVE-2024-1427
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...
CVE-2024-1427 The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...
WordPress plugin The Post Grid security vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application add-on for the platform. A security vulnerability...
PT-2024-18037 · Unknown · The Post Grid – Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin, versions up to, and including, 7.7.1. Description: The issue is Stored Cross-Site Scripting via the section title tag attribute due to insufficient...
CVE-2024-4043
CVE-2024-4043 pertains to the WordPress plugin WP Ultimate Post Grid. The issue is Stored Cross-Site Scripting (XSS) in the plugin's 'wpupg-text' shortcode, affecting all versions up to and including 3.9.1. The root cause is insufficient input sanitization and output escaping on user-supplied...
CVE-2024-3239
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the Contributor role and above to perform Stored Cross-Si...
WordPress The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin <= 7.6.1 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Pavel Palii in the WordPress plugin The Post Grid, versions <= 7.6.1...
WordPress The Post Grid Plugin <= 7.6.1 is vulnerable to Broken Access Control
Software: The Post Grid · Type: Plugin · Vulnerable versions: <= 7.6.1 · Fixed in: 7.7.0 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-3936 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Mamunur Rashid · PSID: ba4fe441d17b · Credits: Pavel Palii · Required privilege...
WordPress Essential Grid Plugin <= 3.1.1 is vulnerable to Broken Access Control
Software: Essential Grid · Type: Plugin · Vulnerable versions: <= 3.1.1 · Fixed in: 3.1.2 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-3235 · Patch priority: Low · CVSS severity: Low (5.3) · PSID: 597aadc22d06 · Credits: 1337Wannabe · Required privilege...
WordPress Responsive Gallery Grid Plugin < 2.3.11 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Gallery Grid · Type: Plugin · Vulnerable versions: < 2.3.11 · Fixed in: 2.3.11 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross-Site Scripting (XSS) · CVE: CVE-2024-1664 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 64e1e4491d20 · Credits: WPScan · Required...
Post Grid < 2.2.76 - Reflected Cross-Site Scripting
Description: The Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Post Grid, Slider & Carousel Ultimate < 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Deserialization of untrusted data
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpostshortcodemetaboxmarkup function. This makes it...