Pickplugins

Post Grid

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-8253

  • EPSS 1.58%
  • Veröffentlicht 11.09.2024 04:15:05
  • Zuletzt bearbeitet 25.09.2024 19:42:31

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. Thi...

5.4

CVE-2024-1988

  • EPSS 0.31%
  • Veröffentlicht 07.06.2024 04:15:25
  • Zuletzt bearbeitet 21.11.2024 08:51:44

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due...

7.5

CVE-2024-32816

  • EPSS 0.53%
  • Veröffentlicht 24.04.2024 08:15:40
  • Zuletzt bearbeitet 21.11.2024 09:15:47

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.

5.4

CVE-2024-0881

Exploit
  • EPSS 11.97%
  • Veröffentlicht 11.04.2024 16:15:24
  • Zuletzt bearbeitet 09.05.2025 15:57:16

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJA...

7.1

CVE-2024-30441

  • EPSS 0.09%
  • Veröffentlicht 29.03.2024 18:15:13
  • Zuletzt bearbeitet 21.11.2024 09:11:55

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74.

6.4

CVE-2022-0447

Exploit
  • EPSS 0.29%
  • Veröffentlicht 11.04.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:38

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, lead...

6.1

CVE-2021-24986

Exploit
  • EPSS 0.29%
  • Veröffentlicht 11.04.2022 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:54:08

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form

6.1

CVE-2021-24488

Exploit
  • EPSS 11.53%
  • Veröffentlicht 02.08.2021 11:15:10
  • Zuletzt bearbeitet 21.11.2024 05:53:09

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues

8

CVE-2020-35936

Exploit
  • EPSS 1.32%
  • Veröffentlicht 01.01.2021 02:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:33

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter v...

8.8

CVE-2020-35939

Exploit
  • EPSS 1.4%
  • Veröffentlicht 01.01.2021 02:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:33

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload i...