| CVE-2026-0894 | Content Blocks (Custom Post Widget) <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2026-04-18 09:26:52 | Deep Dive |
| CVE-2026-0718 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | Medium | 5.3 | 2026-04-16 07:39:51 | Deep Dive |
| CVE-2026-5711 | Post Blocks & Tools <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute | pubudu-malalasekara | Post Blocks & Tools | Medium | 6.4 | 2026-04-08 21:25:27 | Deep Dive |
| CVE-2026-1273 | PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 7.2 | 2026-03-04 01:21:59 | Deep Dive |
| CVE-2025-68605 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2025-12-24 13:10:48 | Deep Dive |
| CVE-2025-12980 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 7.5 | 2025-12-21 02:20:33 | Deep Dive |
| CVE-2025-63043 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Insecure Direct Object References (IDOR) vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 5.3 | 2025-12-18 16:45:08 | Deep Dive |
| CVE-2025-66058 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2025-12-18 16:15:15 | Deep Dive |
| CVE-2025-62924 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2025-10-27 01:33:59 | Deep Dive |
| CVE-2025-8722 | Content Views <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2025-09-06 03:22:35 | Deep Dive |
| CVE-2025-54007 | WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | High | 8.8 | 2025-08-20 08:03:05 | Deep Dive |
| CVE-2025-4684 | BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites <= 3.2.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets | blockspare | BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor | Medium | 6.4 | 2025-08-01 11:18:55 | Deep Dive |
| CVE-2025-5940 | Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter | osompress | Osom Blocks | Medium | 6.4 | 2025-06-27 07:22:23 | Deep Dive |
| CVE-2024-13796 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure | pickplugins | Post Grid | Medium | 5.3 | 2025-02-28 04:21:56 | Deep Dive |
| CVE-2024-13798 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation | pickplugins | Post Grid | Medium | 5.3 | 2025-02-22 04:21:16 | Deep Dive |
| CVE-2024-6432 | Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter | vanderwijk | Content Blocks (Custom Post Widget) | Medium | 6.4 | 2025-02-20 09:21:37 | Deep Dive |
| CVE-2024-9636 | Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation | pickplugins | Post Grid and Gutenberg Blocks – ComboBlocks | Critical | 9.8 | 2025-01-15 09:25:54 | Deep Dive |
| CVE-2024-51928 | WordPress Blocks Post Grid plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | Jakir Hasan | Blocks Post Grid | Medium | 6.5 | 2024-11-19 16:30:54 | Deep Dive |
| CVE-2024-10728 | PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 8.8 | 2024-11-16 04:29:15 | Deep Dive |
| CVE-2024-50432 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2024-10-28 18:17:12 | Deep Dive |