Search criteria
8 vulnerabilities found for PostX – Gutenberg Blocks for Post Grid by Unknown
CVE-2021-24661 (GCVE-0-2021-24661)
Vulnerability from nvd – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:42
VLAI?
Title
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Private Content Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24661",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Private Content Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24661",
"datePublished": "2021-09-27T15:25:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24660 (GCVE-0-2021-24660)
Vulnerability from nvd – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:35
VLAI?
Title
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s shortcode."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:33",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24660",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s shortcode."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24660",
"datePublished": "2021-09-27T15:25:33",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24659 (GCVE-0-2021-24659)
Vulnerability from nvd – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:35
VLAI?
Title
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s block."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:32",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24659",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s block."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24659",
"datePublished": "2021-09-27T15:25:32",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24652 (GCVE-0-2021-24652)
Vulnerability from nvd – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:35
VLAI?
Title
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Missing Access Controls",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24652",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Missing Access Controls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24652",
"datePublished": "2021-09-27T15:25:30",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24661 (GCVE-0-2021-24661)
Vulnerability from cvelistv5 – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:42
VLAI?
Title
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Private Content Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24661",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Private Content Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24661",
"datePublished": "2021-09-27T15:25:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24660 (GCVE-0-2021-24660)
Vulnerability from cvelistv5 – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:35
VLAI?
Title
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s shortcode."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:33",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24660",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s shortcode."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/af14ac23-843d-4f80-beaf-237618109edd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24660",
"datePublished": "2021-09-27T15:25:33",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24659 (GCVE-0-2021-24659)
Vulnerability from cvelistv5 – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:35
VLAI?
Title
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s block."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:32",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24659",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Contributor+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin\u0027s block."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5f2fe510-7513-4d33-82d9-3107b3b3f2ae"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24659",
"datePublished": "2021-09-27T15:25:32",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24652 (GCVE-0-2021-24652)
Vulnerability from cvelistv5 – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:35
VLAI?
Title
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PostX – Gutenberg Blocks for Post Grid |
Affected:
2.4.10 , < 2.4.10
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostX \u2013 Gutenberg Blocks for Post Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "2.4.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T15:25:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Missing Access Controls",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24652",
"STATE": "PUBLIC",
"TITLE": "PostX Gutenberg Blocks for Post Grid \u003c 2.4.10 - Missing Access Controls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.10",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24652",
"datePublished": "2021-09-27T15:25:30",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}