cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10728,https://securityvulnerability.io/vulnerability/CVE-2024-10728,Unauthorized Plugin Installation Vulnerability Affects PostX Plugin for WordPress,"The Post Grid Gutenberg Blocks and PostX plugin for WordPress suffers from a security flaw that allows authenticated users with Subscriber-level access and above to install and activate arbitrary plugins. This vulnerability arises from a missing capability check in the 'install_required_plugin_callback' function across all versions up to 4.1.16. If another vulnerable plugin is already present, the unauthorized installation could lead to remote code execution, severely compromising the security of affected WordPress installations.",Wordpress,Post Grid Gutenberg Blocks And WordPress Blog Plugin – Postx,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-11-16T19:51:56.000Z,true,false,false,,2024-11-16T04:29:15.146Z,0
CVE-2024-5326,https://securityvulnerability.io/vulnerability/CVE-2024-5326,Unauthorized Modification of Data Vulnerability in PostX Plugin for WordPress,"The Post Grid Gutenberg Blocks and PostX plugin for WordPress contains a vulnerability that exposes the site to unauthorized data modifications due to an inadequate capability check on the 'postx_presets_callback' function. This defect affects all versions up to and including 4.1.2. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to alter arbitrary settings on the affected sites. This capability may lead to unauthorized user registration and potentially promote new users to Administrator roles, significantly compromising site integrity and security.",Wordpress,Post Grid Gutenberg Blocks And WordPress Blog Plugin – Postx,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-30T10:59:29.483Z,0
CVE-2024-5223,https://securityvulnerability.io/vulnerability/CVE-2024-5223,Arbitrary Web Script Injection Vulnerability in PostX Plugin,"The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Post Grid Gutenberg Blocks And WordPress Blog Plugin – Postx,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-30T03:34:27.682Z,0