CVE-2025-24782
- EPSS 0.11%
- Published 27.01.2025 15:15:17
- Last modified 10.03.2025 18:30:35
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ulti...
CVE-2024-13409
- EPSS 0.28%
- Published 24.01.2025 11:15:09
- Last modified 05.02.2025 01:36:36
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_han...
CVE-2024-29925
- EPSS 0.18%
- Published 27.03.2024 08:15:40
- Last modified 10.03.2025 16:12:06
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6.
CVE-2024-2006
- EPSS 1.91%
- Published 13.03.2024 16:15:30
- Last modified 13.03.2025 00:55:44
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpos...
CVE-2022-1266
- EPSS 0.27%
- Published 20.06.2022 11:15:09
- Last modified 21.11.2024 06:40:22
The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...