Pickplugins Post Grid Combo
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pickplugins Post Grid Combo.
By the Year
In 2026 there have been 0 vulnerabilities in Pickplugins Post Grid Combo. Post Grid Combo did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 6.40 |
| 2023 | 1 | 7.50 |
It may take a day or so for new Post Grid Combo vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pickplugins Post Grid Combo Security Vulnerabilities
WordPress PickPlugins Related Posts Plugin SI Exposure 2.0.58
CVE-2024-10937
5.3 - Medium
- December 05, 2024
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.
Authorization
Combo Blocks Plugin <=2.2.80 XSS via params
CVE-2024-3155
6.4 - Medium
- May 21, 2024
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Sensitive Info Exposure: Post Grid Combo 36+2.2.68 via get_posts
CVE-2023-7072
7.5 - High
- March 12, 2024
The Post Grid Combo 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.
Exposure of Sensitive Information Through Data Queries
Post Grid Combo 36+ Gutenberg WP: Stored XSS via custom JS (v2.2.64)
CVE-2023-6645
6.4 - Medium
- January 11, 2024
The Post Grid Combo 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Info Disclosure in PickPlugins Post Grid Combo 36+ Gutenberg Blocks v2.2.50
CVE-2023-40211
7.5 - High
- November 30, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo 36+ Gutenberg Blocks.This issue affects Post Grid Combo 36+ Gutenberg Blocks: from n/a through 2.2.50.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pickplugins Post Grid Combo or by Pickplugins? Click the Watch button to subscribe.
