EUVD-2022-55971

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVE-2022-50946

The CVE-2022-50946 entry concerns the WordPress plugin Netroics Blog Posts Grid 1.0, where a stored cross-site scripting (XSS) flaw exists in the handling of the post_title field and the testimonial title field. The root cause is failure to sanitize the post_title parameter, enabling an attacker ...

CVE-2022-50946

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Grid vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.7...

EUVD-2025-7860

Malicious code in bioql PyPI...

CVE-2024-3639

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes like 'gridskin'. This makes it...

CVE-2025-28905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...

WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Featured Posts Grid versions = 1.7...

CVE-2025-28905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...

CVE-2025-28905

CVE-2025-28905 relates to the WordPress plugin Featured Posts Grid (versions at or below 1.7). The connected docs confirm an improper handling of input during web page generation, enabling a CSRF to Stored XSS chain. The CVSS 3.1 base metrics (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) indicate network...

CVE-2025-28905 WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...

CVE-2025-28905 WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...

CVE-2024-3639

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-3639 Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes like 'gridskin'. This makes it...

PT-2024-26965 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Posts Grid widget due to insufficient input sanitization and output...

WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting XSS Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...

WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting

Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Netroics Blog Posts Grid" v1.0 Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Teste...

WordPress Netroics Blog Posts Grid 1.0 Plugin - Stored XSS Vulnerability

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting XSS Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on: Centos 7 apache2 ...