CVE-2026-1273

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

CVE-2022-0447

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...

WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by zaim in WordPress Plugin Post Grid, Slider & Carousel Ultimate versions = 1.6.10...

EUVD-2025-204648

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/getdynamiccontent/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible...

CVE-2025-12980

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/getdynamiccontent/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible...

EUVD-2020-23521

Malware in sbrugna...

EUVD-2020-23519

Malware in sbrugna...

EUVD-2024-48344

Malicious code in bioql PyPI...

EUVD-2023-43621

Malicious code in bioql PyPI...

EUVD-2022-15586

Malicious code in bioql PyPI...

EUVD-2022-49634

Malicious code in bioql PyPI...

EUVD-2021-34635

Malicious code in bioql PyPI...

EUVD-2023-36841

Malicious code in bioql PyPI...

CVE-2024-1427

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...

CVE-2024-3936

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...

CVE-2023-32598

Unauth. Reflected Cross-Site Scripting XSS vulnerability in A. R. Jones Featured Image Pro Post Grid plugin = 5.14 versions...

CVE-2023-39923

Cross-Site Request Forgery CSRF vulnerability in RadiusTheme The Post Grid plugin = 7.2.7 versions...

CVE-2021-24488

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues...

CVE-2024-9645 Post Grid and Gutenberg Blocks < 2.2.93 - Contributor+ Stored XSS

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...

CVE-2024-9645 Post Grid and Gutenberg Blocks < 2.2.93 - Contributor+ Stored XSS

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...