Vulnerabilities for 'Postx - gutenberg blocks for post grid'

2021-09-27
 
CVE-2021-24652

CWE-863
 

 
The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.

 
 
CVE-2021-24659

CWE-79
 

 
The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.

 
 
CVE-2021-24660

CWE-79
 

 
The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.

 
 
CVE-2021-24661

CWE-200
 

 
The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.

 


Copyright 2024, cxsecurity.com

 
