Wpxpo

wpxpo

16 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Postx Gutenberg Blocks For Post Grid

postx_-_gutenberg_blocks_for_post_grid

CVEs (16)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10728 1Wpxpo 1Postx Jul 9, 2025 Nov 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callbac...Show more The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.Show less
CVE-2024-50443 1Wpxpo 1Postx Apr 1, 2026 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from n/a through <= 4.1.12.
CVE-2024-4305 1Wpxpo 1Postx May 13, 2025 Jun 17, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which co...Show more The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-31246 1Wpxpo 1Postx Apr 23, 2026 Jun 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 3.2.3.
CVE-2024-30542 1Wpxpo 1Wholesalex Mar 21, 2025 May 17, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.
CVE-2024-3239 1Wpxpo 1Postx May 14, 2025 May 14, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which co...Show more The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-30224 1Wpxpo 1Wholesalex Apr 28, 2026 Mar 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.
CVE-2024-30234 1Wpxpo 1Wholesalex Apr 28, 2026 Mar 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.
CVE-2024-30233 1Wpxpo 1Wholesalex Apr 28, 2026 Mar 26, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.
CVE-2024-23512 1Wpxpo 1Wowstore Apr 28, 2026 Feb 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3....Show more Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.Show less
CVE-2023-3992 1Wpxpo 1Postx Apr 23, 2025 Aug 30, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...Show more The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2023-36385 1Wpxpo 1Postx Apr 28, 2026 Jul 25, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.
CVE-2021-24661 1Wpxpo 1Postx Gutenberg Blocks For Post Grid Nov 21, 2024 Sep 27, 2021 N/A· v4 4.3 MEDIUM· v3 3.5 LOW· v2 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is...Show more The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.Show less
CVE-2021-24660 1Wpxpo 1Postx Gutenberg Blocks For Post Grid Nov 21, 2024 Sep 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin'...Show more The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.Show less
CVE-2021-24659 1Wpxpo 1Postx Gutenberg Blocks For Post Grid Nov 21, 2024 Sep 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.
CVE-2021-24652 1Wpxpo 1Postx Gutenberg Blocks For Post Grid Nov 21, 2024 Sep 27, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_...Show more The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.Show less