Pickplugins Post_grid
14 CVEs affecting Pickplugins Post_grid. Latest disclosed: 2025-05-15. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-4450 | High | 8.8 | 2024-10-16 | The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping… |
CVE-2024-8253 | High | 8.8 | 2024-09-11 | The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not p… |
CVE-2024-13408 | High | 7.5 | 2025-01-24 | The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in al… |
CVE-2020-35939 | High | 7.5 | 2021-01-01 | PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP obje… |
CVE-2020-35938 | High | 7.5 | 2021-01-01 | PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects d… |
CVE-2020-35937 | High | 7.5 | 2021-01-01 | Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layou… |
CVE-2020-35936 | High | 7.5 | 2021-01-01 | Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts in… |
CVE-2024-1988 | Medium | 6.4 | 2024-06-07 | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site S… |
CVE-2022-0447 | Medium | 6.4 | 2022-04-11 | The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_u… |
CVE-2021-24986 | Medium | 6.1 | 2022-04-11 | The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site… |
CVE-2021-24488 | Medium | 6.1 | 2021-08-02 | The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back… |
CVE-2024-9645 | Medium | 5.4 | 2025-05-15 | The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options be… |
CVE-2024-0881 | Medium | 5.4 | 2024-04-11 | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resu… |
CVE-2024-13796 | Medium | 5.3 | 2025-02-28 | The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3… |