cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10728,https://securityvulnerability.io/vulnerability/CVE-2024-10728,Unauthorized Plugin Installation Vulnerability Affects PostX Plugin for WordPress,"The Post Grid Gutenberg Blocks and PostX plugin for WordPress suffers from a security flaw that allows authenticated users with Subscriber-level access and above to install and activate arbitrary plugins. This vulnerability arises from a missing capability check in the 'install_required_plugin_callback' function across all versions up to 4.1.16. If another vulnerable plugin is already present, the unauthorized installation could lead to remote code execution, severely compromising the security of affected WordPress installations.",Wordpress,Post Grid Gutenberg Blocks And WordPress Blog Plugin – Postx,8.8,HIGH,0.0006600000197067857,false,,false,false,true,true,false,false,2024-11-16T04:29:15.146Z,0
CVE-2024-5326,https://securityvulnerability.io/vulnerability/CVE-2024-5326,Unauthorized Modification of Data Vulnerability in PostX Plugin for WordPress,"The Post Grid Gutenberg Blocks and PostX plugin for WordPress contains a vulnerability that exposes the site to unauthorized data modifications due to an inadequate capability check on the 'postx_presets_callback' function. This defect affects all versions up to and including 4.1.2. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to alter arbitrary settings on the affected sites. This capability may lead to unauthorized user registration and potentially promote new users to Administrator roles, significantly compromising site integrity and security.",Wordpress,Post Grid Gutenberg Blocks And WordPress Blog Plugin – Postx,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-30T10:59:29.483Z,0
CVE-2024-5223,https://securityvulnerability.io/vulnerability/CVE-2024-5223,Arbitrary Web Script Injection Vulnerability in PostX Plugin,"The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Post Grid Gutenberg Blocks And WordPress Blog Plugin – Postx,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-30T03:34:27.682Z,0
CVE-2021-24661,https://securityvulnerability.io/vulnerability/CVE-2021-24661,PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure,"The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.",Wordpress,Postx – Gutenberg Blocks For Post Grid,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2021-09-27T15:25:35.000Z,0
CVE-2021-24660,https://securityvulnerability.io/vulnerability/CVE-2021-24660,PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting,"The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.",Wordpress,Postx – Gutenberg Blocks For Post Grid,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2021-09-27T15:25:33.000Z,0
CVE-2021-24659,https://securityvulnerability.io/vulnerability/CVE-2021-24659,PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting,The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.,Wordpress,Postx – Gutenberg Blocks For Post Grid,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2021-09-27T15:25:32.000Z,0
CVE-2021-24652,https://securityvulnerability.io/vulnerability/CVE-2021-24652,PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls,"The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.",Wordpress,Postx – Gutenberg Blocks For Post Grid,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2021-09-27T15:25:30.000Z,0