| CVE-2021-4450 | Post Grid <= 2.1.12 - Contributor+ SQL Injection | pickplugins | Post Grid | High | 8.8 | 2024-10-16 06:43:38 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9051 | WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode | brechtvds | WP Ultimate Post Grid | Medium | 6.4 | 2024-10-11 07:37:47 | Deep Dive |
| CVE-2024-9622 | Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4 | - | - | Medium | 5.3 | 2024-10-08 16:26:13 | Deep Dive |
| CVE-2024-47340 | WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability | PickPlugins | Post Grid and Gutenberg Blocks | Medium | 6.5 | 2024-10-06 10:51:25 | Deep Dive |
| CVE-2024-9218 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting | wpblockart | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | Medium | 6.1 | 2024-10-02 08:31:51 | Deep Dive |
| CVE-2024-8288 | Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute | adreastrian | Guten Post Layout – An Advanced Post Grid Collection | Medium | 6.4 | 2024-10-01 08:30:15 | Deep Dive |
| CVE-2024-3635 | The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation | Unknown | The Post Grid | Medium | - | 2024-09-30 06:00:06 | Deep Dive |
| CVE-2024-44048 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability | wpWax | Product Carousel Slider & Grid Ultimate for WooCommerce | Medium | 6.5 | 2024-09-23 00:03:59 | Deep Dive |
| CVE-2024-43989 | WordPress Justified Image Grid plugin <= 4.6.1 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability | Firsh | Justified Image Grid | High | 7.5 | 2024-09-22 23:59:41 | Deep Dive |
| CVE-2024-8253 | Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation | pickplugins | Post Grid and Gutenberg Blocks | High | 8.8 | 2024-09-11 03:31:08 | Deep Dive |
| CVE-2024-7418 | The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 4.3 | 2024-08-29 03:52:58 | Deep Dive |
| CVE-2024-8030 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Critical | 9.8 | 2024-08-28 02:05:47 | Deep Dive |
| CVE-2024-8046 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wpwax | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | Medium | 6.4 | 2024-08-27 07:34:33 | Deep Dive |
| CVE-2024-7885 | Undertow: improper state management in proxy protocol parsing causes information leakage | - | - | High | 7.5 | 2024-08-21 14:13:37 | Deep Dive |
| CVE-2024-5335 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Critical | 9.8 | 2024-08-21 08:29:15 | Deep Dive |
| CVE-2024-43281 | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.3 - Local File Inclusion vulnerability | VOID CODERS | Void Elementor Post Grid Addon for Elementor Page builder | Medium | 5.3 | 2024-08-19 17:47:19 | Deep Dive |
| CVE-2024-7247 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-08-13 05:30:55 | Deep Dive |
| CVE-2024-43156 | WordPress Post Grid Master plugin <= 3.4.10 - Reflected Cross Site Scripting (XSS) vulnerability | AddonMaster | Post Grid Master | High | 7.1 | 2024-08-12 22:03:12 | Deep Dive |
| CVE-2024-4359 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.5 | 2024-08-09 04:29:50 | Deep Dive |