Every CVE whose affected-product data names Pickplugins Post Grid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2024-8253 — CVSS 8.8 (high): The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due…
CVE-2021-4450 — CVSS 8.8 (high): The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to…
CVE-2020-35938 — CVSS 7.5 (high): PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject…
CVE-2020-35936 — CVSS 7.5 (high): Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers…
CVE-2024-13408 — CVSS 7.5 (high): The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to…
CVE-2020-35939 — CVSS 7.5 (high): PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to…
CVE-2020-35937 — CVSS 7.5 (high): Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated…
CVE-2022-0447 — CVSS 6.4 (medium): The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the…
CVE-2024-1988 — CVSS 6.4 (medium): The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable…
CVE-2021-24986 — CVSS 6.1 (medium): The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a…
CVE-2021-24488 — CVSS 6.1 (medium): The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised…
CVE-2024-9645 — CVSS 5.4 (medium): The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of…
CVE-2024-0881 — CVSS 5.4 (medium): The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper…
CVE-2024-13796 — CVSS 5.3 (medium): The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up…