Pickplugins Post Grid

7 matches found

CVE
added 2021/01/01 2:15 a.m. | 71 views

CVE-2020-35938

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be se...

CVSS 8.8 | AI score 8.6 | EPSS 0.01375

CVE
added 2021/01/01 2:15 a.m. | 69 views

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must ...

CVSS 8.8 | AI score 8.6 | EPSS 0.01436

CVE
added 2021/01/01 2:15 a.m. | 67 views

CVE-2020-35936

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_impo...

CVSS 8 | AI score 6.6 | EPSS 0.01353

CVE
added 2021/01/01 2:15 a.m. | 65 views

CVE-2020-35937

Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_impo...

CVSS 8 | AI score 6.6 | EPSS 0.01412

CVE
added 2024/09/11 4:15 a.m. | 41 views

CVE-2024-8253

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, ...

CVSS 8.8 | AI score 8.7 | EPSS 0.00262

CVE
added 2025/01/24 11:15 a.m. | 39 views

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attackers,...

CVSS 8.8 | AI score 7.7 | EPSS 0.0013

CVE
added 2024/10/16 7:15 a.m. | 31 views

CVE-2021-4450

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attac...

CVSS 8.8 | AI score 8.7 | EPSS 0.00159