Pickplugins

Post Grid

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-8253

  • EPSS 1.58%
  • Veröffentlicht 11.09.2024 04:15:05
  • Zuletzt bearbeitet 25.09.2024 19:42:31

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. Thi...

6.4

CVE-2024-7588

  • EPSS 0.24%
  • Veröffentlicht 14.08.2024 05:15:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escapin...

5.4

CVE-2024-1988

  • EPSS 0.31%
  • Veröffentlicht 07.06.2024 04:15:25
  • Zuletzt bearbeitet 08.04.2026 19:20:56

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due...

6.4

CVE-2024-3155

  • EPSS 0.26%
  • Veröffentlicht 21.05.2024 03:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insuffi...

7.5

CVE-2024-32816

  • EPSS 0.53%
  • Veröffentlicht 24.04.2024 08:15:40
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.

5.4

CVE-2024-0881

Exploit
  • EPSS 13.07%
  • Veröffentlicht 11.04.2024 16:15:24
  • Zuletzt bearbeitet 09.05.2025 15:57:16

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJA...

7.1

CVE-2024-30441

  • EPSS 0.09%
  • Veröffentlicht 29.03.2024 18:15:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74.

6.4

CVE-2022-0447

Exploit
  • EPSS 0.29%
  • Veröffentlicht 11.04.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:38

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, lead...

6.1

CVE-2021-24986

Exploit
  • EPSS 0.29%
  • Veröffentlicht 11.04.2022 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:54:08

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form

6.1

CVE-2021-24488

Exploit
  • EPSS 11.53%
  • Veröffentlicht 02.08.2021 11:15:10
  • Zuletzt bearbeitet 21.11.2024 05:53:09

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues