CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37483 – WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37483
04 Jul 2024 — Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4. The The Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the save_block_css() function in versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to... • https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-plugin-7-7-4-broken-access-control-vulnerability-3?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35739 – WordPress The Post Grid plugin <= 7.7.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35739
06 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through 7.7.1. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en RadiusTheme The Post Grid permite XSS Almacenado. Este problema afecta a The Post Grid: desde n/a hasta 7.7.1. The The Post Grid – Shortcode, Gutenberg Blocks and Elementor... • https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-plugin-7-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34789 – WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34789
17 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through 2.0.16. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en el complemento WP Hait Post Grid Elementor permite XSS almacenado. Este problema afecta al complemento Post Grid Elementor: desde n/a hasta 2.0.16. ... • https://patchstack.com/database/vulnerability/post-grid-elementor-addon/wordpress-post-grid-elementor-addon-plugin-2-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32816 – WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability
https://notcve.org/view.php?id=CVE-2024-32816
22 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en PickPlugins Post Grid. Este problema afecta a Post Grid: desde n/a hasta 2.2.78. The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to... • https://patchstack.com/database/vulnerability/post-grid/wordpress-combo-blocks-plugin-2-2-78-sensitive-data-exposure-via-api-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30441 – WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30441
28 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en PickPlugins Post Grid permite el XSS reflejado. Este problema afecta a Post Grid: desde n/a hasta 2.2.74. The Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripti... • https://patchstack.com/database/vulnerability/post-grid/wordpress-combo-blocks-plugin-2-2-74-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29925 – WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29925
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en wpWax Post Grid, Slider & Carousel Ultimate permite XSS almacenado. Este problema afecta a Post Grid, Slider & Carousel Ultimate: de... • https://patchstack.com/database/vulnerability/post-grid-carousel-ultimate/wordpress-post-grid-slider-carousel-ultimate-plugin-1-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48750 – WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-48750
21 Aug 2023 — Missing Authorization vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.1.10. The Void Elementor Post Grid Addon for Elementor Page builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the void_grid_spare_me() function hooked via admin_init i... • https://patchstack.com/database/wordpress/plugin/void-elementor-post-grid-addon-for-elementor-page-builder/vulnerability/wordpress-void-elementor-post-grid-addon-for-elementor-page-builder-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •