CVE-2026-3017
- EPSS 0.04%
- Veröffentlicht 14.04.2026 05:30:32
- Zuletzt bearbeitet 14.04.2026 06:16:05
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the import_shortcodes()...
CVE-2024-8187
- EPSS 0.23%
- Veröffentlicht 15.05.2025 20:15:58
- Zuletzt bearbeitet 27.05.2025 19:53:19
The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...
CVE-2024-3996
- EPSS 0.24%
- Veröffentlicht 15.05.2025 20:15:53
- Zuletzt bearbeitet 13.11.2025 21:15:47
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis...
CVE-2023-0097
- EPSS 0.2%
- Veröffentlicht 30.01.2023 21:15:13
- Zuletzt bearbeitet 21.04.2025 14:17:01
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributo...