90 matches found
CVE-2024-50443
CVE-2024-50443: PostX (WordPress Post Grid/Ultimate Post plugin) stored XSS in versions
WordPress plugin PostX 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0tter Patchstack Alliance in WordPress Plugin PostX versions = 4.1.12...
CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...
CVE-2024-31246 WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...
CVE-2024-5758
CVE-2024-5758 is a duplicate of CVE-2024-4305 and its entry is not active on its own. The connected documentation for CVE-2024-4305 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin, affecting versions prior to 4.1.0...
The vulnerability of the postx_presets_callback() function in the PostX plugin of the WordPres content management system allows a hacker to escalate their privileges and gain access to read, modify, or delete data.
The vulnerability of the postxpresetscallback function in the PostX plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and gain access to read, modify,...
CVE-2024-5326
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...
CVE-2024-5223
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...
PT-2024-35135 · WordPress · Postx
Name of the Vulnerable Software and Affected Versions: PostX plugin for WordPress versions up to, and including, 4.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's file uploading feature due to insufficient input sanitization and output escaping. This allows...
WordPress plugin PostX 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin PostX 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress PostX plugin <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin PostX versions = 4.1.1...
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.3 - Missing Authorization to Arbitrary Options Update
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for...
PostX < 4.0.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Create a new Post and add "Ultimate...
CVE-2024-32564 WordPress Post Grid Blocks and WordPress News Plugin – PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 4.0.1...
CVE-2024-32564 WordPress PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 4.0.1...
WordPress Plugin PostX 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by CatFather in WordPress Plugin PostX versions = 4.0.1...
WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability
Author+ Post/Page Duplication vulnerability discovered by movrment in WordPress Plugin PostX versions = 3.2.3...