Show filters
79 Total Results
Displaying 61-70 of 79
Sort by:
Attacker Value
Unknown
CVE-2023-39923
Disclosure Date: October 03, 2023 (last updated October 09, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.
0
Attacker Value
Unknown
CVE-2023-32598
Disclosure Date: August 25, 2023 (last updated October 08, 2023)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions.
0
Attacker Value
Unknown
CVE-2022-46853
Disclosure Date: May 23, 2023 (last updated October 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions.
0
Attacker Value
Unknown
CVE-2022-4747
Disclosure Date: February 06, 2023 (last updated October 08, 2023)
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
0
Attacker Value
Unknown
CVE-2023-0097
Disclosure Date: January 30, 2023 (last updated October 08, 2023)
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
0
Attacker Value
Unknown
CVE-2022-2597
Disclosure Date: September 05, 2022 (last updated October 08, 2023)
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts
0
Attacker Value
Unknown
CVE-2022-2543
Disclosure Date: September 05, 2022 (last updated October 08, 2023)
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts
0
Attacker Value
Unknown
CVE-2022-1266
Disclosure Date: June 20, 2022 (last updated October 07, 2023)
The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
0
Attacker Value
Unknown
CVE-2022-0447
Disclosure Date: April 11, 2022 (last updated October 07, 2023)
The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting
0
Attacker Value
Unknown
CVE-2021-24986
Disclosure Date: April 11, 2022 (last updated October 07, 2023)
The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form
0
