| CVE-2024-4043 | WP Ultimate Post Grid <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-text Shortcode | brechtvds | WP Ultimate Post Grid | Medium | 6.4 | 2024-05-23 06:46:02 | Deep Dive |
| CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-05-21 02:32:59 | Deep Dive |
| CVE-2024-4363 | Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter | nko | Visual Portfolio, Photo Gallery & Post Grid | Medium | 6.4 | 2024-05-14 23:31:45 | Deep Dive |
| CVE-2024-3239 | PostX < 4.0.2 - Contributor+ Stored XSS | Unknown | Post Grid Gutenberg Blocks and WordPress Blog Plugin | 中危 | - | 2024-05-13 06:00:01 | Deep Dive |
| CVE-2024-4446 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2024-05-09 20:03:30 | Deep Dive |
| CVE-2024-34372 | WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability | AddonMaster | Post Grid Master | Medium | 5.3 | 2024-05-06 18:59:59 | Deep Dive |
| CVE-2024-34390 | WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability | AddonMaster | Post Grid Master | Medium | 6.5 | 2024-05-06 18:21:57 | Deep Dive |
| CVE-2024-3936 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 4.3 | 2024-05-02 16:52:52 | Deep Dive |
| CVE-2024-3929 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2024-04-25 07:33:58 | Deep Dive |
| CVE-2024-32816 | WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability | PickPlugins | Post Grid | High | 7.5 | 2024-04-24 07:41:32 | Deep Dive |
| CVE-2024-0881 | Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access | Unknown | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel | - | - | 2024-04-11 15:36:31 | Deep Dive |
| CVE-2024-3020 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | High | 7.2 | 2024-04-10 04:30:22 | Deep Dive |
| CVE-2024-2949 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | Medium | 6.4 | 2024-04-06 06:47:19 | Deep Dive |
| CVE-2024-30441 | WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability | PickPlugins | Post Grid | High | 7.1 | 2024-03-29 17:14:47 | Deep Dive |
| CVE-2024-29925 | WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2024-03-27 07:26:10 | Deep Dive |
| CVE-2024-2286 | Sky Addons for Elementor <= 2.4.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 6.4 | 2024-03-13 15:27:18 | Deep Dive |
| CVE-2024-2006 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 8.8 | 2024-03-13 15:27:04 | Deep Dive |
| CVE-2023-7072 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint | pickplugins | Post Grid | High | 7.5 | 2024-03-12 22:32:27 | Deep Dive |
| CVE-2024-0612 | Content Views <= 3.6.2 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 4.4 | 2024-02-05 21:21:57 | Deep Dive |
| CVE-2023-6645 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-01-11 08:32:50 | Deep Dive |