Search criteria
6 vulnerabilities found for post_grid_combo by pickplugins
CVE-2023-7072 (GCVE-0-2023-7072)
Vulnerability from nvd – Published: 2024-03-12 22:32 – Updated: 2024-08-28 15:05
VLAI?
Summary
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pickplugins | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks |
Affected:
* , ≤ 2.2.68
(semver)
|
Credits
Hung -mov Nguyen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:08.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.69/includes/blocks/functions-rest.php#L1670"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pickplugins:post_grid_combo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "post_grid_combo",
"vendor": "pickplugins",
"versions": [
{
"lessThanOrEqual": "2.2.68",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T15:36:42.992284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:05:17.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks",
"vendor": "pickplugins",
"versions": [
{
"lessThanOrEqual": "2.2.68",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hung -mov Nguyen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the \u0027get_posts\u0027 REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-202 Exposure of Sensitive Data Through Data Queries",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T22:32:27.035Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670"
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.69/includes/blocks/functions-rest.php#L1670"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-7072",
"datePublished": "2024-03-12T22:32:27.035Z",
"dateReserved": "2023-12-21T22:09:26.886Z",
"dateUpdated": "2024-08-28T15:05:17.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6645 (GCVE-0-2023-6645)
Vulnerability from nvd – Published: 2024-01-11 08:32 – Updated: 2025-06-17 21:09
VLAI?
Summary
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pickplugins | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks |
Affected:
* , ≤ 2.2.64
(semver)
|
Credits
Rafshanzani Suhada
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab777672-6eef-4078-932d-24bb784107fa?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3010342%40post-grid%2Ftrunk\u0026old=2999466%40post-grid%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T01:27:47.427238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:13.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks",
"vendor": "pickplugins",
"versions": [
{
"lessThanOrEqual": "2.2.64",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafshanzani Suhada"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:49.663Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab777672-6eef-4078-932d-24bb784107fa?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3010342%40post-grid%2Ftrunk\u0026old=2999466%40post-grid%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-07T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-12-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-12-15T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6645",
"datePublished": "2024-01-11T08:32:49.663Z",
"dateReserved": "2023-12-08T20:55:13.445Z",
"dateUpdated": "2025-06-17T21:09:13.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40211 (GCVE-0-2023-40211)
Vulnerability from nvd – Published: 2023-11-30 15:03 – Updated: 2024-08-02 18:24
VLAI?
Title
WordPress Post Grid Plugin <= 2.2.50 is vulnerable to Sensitive Data Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PickPlugins | Post Grid Combo – 36+ Gutenberg Blocks |
Affected:
n/a , ≤ 2.2.50
(custom)
|
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/post-grid/wordpress-post-grid-combo-plugin-2-2-50-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "post-grid",
"product": "Post Grid Combo \u2013 36+ Gutenberg Blocks",
"vendor": "PickPlugins",
"versions": [
{
"changes": [
{
"at": "2.2.51",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.50",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo \u2013 36+ Gutenberg Blocks.\u003cp\u003eThis issue affects Post Grid Combo \u2013 36+ Gutenberg Blocks: from n/a through 2.2.50.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo \u2013 36+ Gutenberg Blocks.This issue affects Post Grid Combo \u2013 36+ Gutenberg Blocks: from n/a through 2.2.50.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T15:03:24.108Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/post-grid/wordpress-post-grid-combo-plugin-2-2-50-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.2.51 or a higher version."
}
],
"value": "Update to\u00a02.2.51 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Post Grid Plugin \u003c= 2.2.50 is vulnerable to Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-40211",
"datePublished": "2023-11-30T15:03:24.108Z",
"dateReserved": "2023-08-10T13:20:36.817Z",
"dateUpdated": "2024-08-02T18:24:55.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7072 (GCVE-0-2023-7072)
Vulnerability from cvelistv5 – Published: 2024-03-12 22:32 – Updated: 2024-08-28 15:05
VLAI?
Summary
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pickplugins | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks |
Affected:
* , ≤ 2.2.68
(semver)
|
Credits
Hung -mov Nguyen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:08.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.69/includes/blocks/functions-rest.php#L1670"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pickplugins:post_grid_combo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "post_grid_combo",
"vendor": "pickplugins",
"versions": [
{
"lessThanOrEqual": "2.2.68",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T15:36:42.992284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:05:17.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks",
"vendor": "pickplugins",
"versions": [
{
"lessThanOrEqual": "2.2.68",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hung -mov Nguyen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the \u0027get_posts\u0027 REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-202 Exposure of Sensitive Data Through Data Queries",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T22:32:27.035Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670"
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.69/includes/blocks/functions-rest.php#L1670"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-7072",
"datePublished": "2024-03-12T22:32:27.035Z",
"dateReserved": "2023-12-21T22:09:26.886Z",
"dateUpdated": "2024-08-28T15:05:17.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6645 (GCVE-0-2023-6645)
Vulnerability from cvelistv5 – Published: 2024-01-11 08:32 – Updated: 2025-06-17 21:09
VLAI?
Summary
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pickplugins | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks |
Affected:
* , ≤ 2.2.64
(semver)
|
Credits
Rafshanzani Suhada
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab777672-6eef-4078-932d-24bb784107fa?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3010342%40post-grid%2Ftrunk\u0026old=2999466%40post-grid%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T01:27:47.427238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:13.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks",
"vendor": "pickplugins",
"versions": [
{
"lessThanOrEqual": "2.2.64",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafshanzani Suhada"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:49.663Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab777672-6eef-4078-932d-24bb784107fa?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3010342%40post-grid%2Ftrunk\u0026old=2999466%40post-grid%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-07T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-12-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-12-15T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6645",
"datePublished": "2024-01-11T08:32:49.663Z",
"dateReserved": "2023-12-08T20:55:13.445Z",
"dateUpdated": "2025-06-17T21:09:13.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40211 (GCVE-0-2023-40211)
Vulnerability from cvelistv5 – Published: 2023-11-30 15:03 – Updated: 2024-08-02 18:24
VLAI?
Title
WordPress Post Grid Plugin <= 2.2.50 is vulnerable to Sensitive Data Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PickPlugins | Post Grid Combo – 36+ Gutenberg Blocks |
Affected:
n/a , ≤ 2.2.50
(custom)
|
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/post-grid/wordpress-post-grid-combo-plugin-2-2-50-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "post-grid",
"product": "Post Grid Combo \u2013 36+ Gutenberg Blocks",
"vendor": "PickPlugins",
"versions": [
{
"changes": [
{
"at": "2.2.51",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.50",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo \u2013 36+ Gutenberg Blocks.\u003cp\u003eThis issue affects Post Grid Combo \u2013 36+ Gutenberg Blocks: from n/a through 2.2.50.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo \u2013 36+ Gutenberg Blocks.This issue affects Post Grid Combo \u2013 36+ Gutenberg Blocks: from n/a through 2.2.50.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T15:03:24.108Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/post-grid/wordpress-post-grid-combo-plugin-2-2-50-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.2.51 or a higher version."
}
],
"value": "Update to\u00a02.2.51 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Post Grid Plugin \u003c= 2.2.50 is vulnerable to Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-40211",
"datePublished": "2023-11-30T15:03:24.108Z",
"dateReserved": "2023-08-10T13:20:36.817Z",
"dateUpdated": "2024-08-02T18:24:55.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}