Lucene search
K

90 matches found

CVE
CVE
added 2024/10/28 1:7 p.m.55 views

CVE-2024-50443

CVE-2024-50443: PostX (WordPress Post Grid/Ultimate Post plugin) stored XSS in versions

6.5CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.5 views

WordPress plugin PostX 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.5CVSS6AI score0.00254EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/24 9:43 a.m.4 views

WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0tter Patchstack Alliance in WordPress Plugin PostX versions = 4.1.12...

6.5CVSS6.1AI score0.00254EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/17 6:0 a.m.15 views

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...

6.1AI score0.0043EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/09 8:55 a.m.26 views

CVE-2024-31246 WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...

5.4CVSS0.00336EPSS
Exploits0References1
CVE
CVE
added 2024/06/08 6:54 a.m.52 views

CVE-2024-5758

CVE-2024-5758 is a duplicate of CVE-2024-4305 and its entry is not active on its own. The connected documentation for CVE-2024-4305 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin, affecting versions prior to 4.1.0...

6.4AI score
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/06/07 12:0 a.m.9 views

The vulnerability of the postx_presets_callback() function in the PostX plugin of the WordPres content management system allows a hacker to escalate their privileges and gain access to read, modify, or delete data.

The vulnerability of the postxpresetscallback function in the PostX plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and gain access to read, modify,...

9CVSS5.5AI score0.01426EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2024/05/30 11:15 a.m.34 views

CVE-2024-5326

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...

8.8CVSS8.4AI score0.01426EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2024/05/30 4:15 a.m.4 views

CVE-2024-5223

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS6.1AI score0.00326EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.6 views

PT-2024-35135 · WordPress · Postx

Name of the Vulnerable Software and Affected Versions: PostX plugin for WordPress versions up to, and including, 4.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's file uploading feature due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.9AI score0.00326EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/30 12:0 a.m.4 views

WordPress plugin PostX 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.5AI score0.01426EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/05/30 12:0 a.m.4 views

WordPress plugin PostX 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS5.8AI score0.00326EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/05/29 11:46 p.m.7 views

WordPress PostX plugin <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin PostX versions = 4.1.1...

6.4CVSS5.7AI score0.00326EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.18 views

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.3 - Missing Authorization to Arbitrary Options Update

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for...

8.8CVSS6.4AI score0.01426EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

PostX < 4.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Create a new Post and add "Ultimate...

8.2AI score0.00416EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/18 9:56 a.m.21 views

CVE-2024-32564 WordPress Post Grid Blocks and WordPress News Plugin – PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 4.0.1...

6.5CVSS6.8AI score0.00323EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/18 9:56 a.m.42 views

CVE-2024-32564 WordPress PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 4.0.1...

6.5CVSS6.6AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.5 views

WordPress Plugin PostX 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.5CVSS6AI score0.00323EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/16 7:21 a.m.7 views

WordPress PostX plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by CatFather in WordPress Plugin PostX versions = 4.0.1...

6.5CVSS6.1AI score0.00323EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/05 5:37 a.m.8 views

WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Author+ Post/Page Duplication vulnerability discovered by movrment in WordPress Plugin PostX versions = 3.2.3...

8.8CVSS7AI score0.00336EPSS
Exploits0Affected Software1
Rows per page
Query Builder