CVE-2021-24661 – PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
https://notcve.org/view.php?id=CVE-2021-24661
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. • https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-24660 – PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24660
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. • https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24659 – PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24659
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. • https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24652 – PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
https://notcve.org/view.php?id=CVE-2021-24652
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged-in user to perform some AJAX-based requests, allowing any user to modify, delete or add ultp_options values. • https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c • CWE-863: Incorrect Authorization