CVE-2024-9645

Medium CVSS: 5.4

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Vendor

Pickplugins

Product

Post Grid

CWE

CWE-79

Yayın Tarihi

2025-05-15 20:16:00

Güncelleme

2025-06-04 20:06:25

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Post Grid MEDIUM Pickplugins 2025

Referanslar

https://wpscan.com/vulnerability/cfd6db83-5e7f-4631-87c3-fdcd4c64c4fe/

Benzer Kayıtlar

Medium

CVE-2024-13469

The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link i…

Medium

CVE-2024-13796

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in…

Medium

CVE-2024-13798

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in al…

High

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is v…