Pickplugins

Post Grid

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-68605

  • EPSS 0.04%
  • Veröffentlicht 24.12.2025 13:10:48
  • Zuletzt bearbeitet 20.01.2026 15:19:51

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.18...

5.3

CVE-2025-63043

  • EPSS 0.04%
  • Veröffentlicht 18.12.2025 16:45:08
  • Zuletzt bearbeitet 20.01.2026 15:18:27

Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2...

8.8

CVE-2025-62924

  • EPSS 0.08%
  • Veröffentlicht 27.10.2025 01:33:58
  • Zuletzt bearbeitet 20.01.2026 15:18:05

Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.

8.8

CVE-2025-54007

  • EPSS 0.12%
  • Veröffentlicht 20.08.2025 08:03:05
  • Zuletzt bearbeitet 20.08.2025 14:39:07

Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Object Injection. This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.11.

5.4

CVE-2024-9645

Exploit
  • EPSS 0.05%
  • Veröffentlicht 15.05.2025 20:16:00
  • Zuletzt bearbeitet 04.06.2025 20:06:25

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users ...

7.5

CVE-2024-13796

  • EPSS 0.37%
  • Veröffentlicht 28.02.2025 05:15:32
  • Zuletzt bearbeitet 06.03.2025 20:21:36

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthentica...

8.8

CVE-2024-13408

  • EPSS 0.27%
  • Veröffentlicht 24.01.2025 11:15:09
  • Zuletzt bearbeitet 05.02.2025 01:37:13

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. ...

6.5

CVE-2024-50432

  • EPSS 0.12%
  • Veröffentlicht 28.10.2024 19:15:14
  • Zuletzt bearbeitet 29.10.2024 14:34:50

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.93.

8.8

CVE-2021-4450

  • EPSS 0.39%
  • Veröffentlicht 16.10.2024 07:15:11
  • Zuletzt bearbeitet 30.10.2024 17:47:05

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

6.5

CVE-2024-47340

  • EPSS 0.16%
  • Veröffentlicht 06.10.2024 11:15:12
  • Zuletzt bearbeitet 07.10.2024 17:47:48

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.89.