Pickplugins Post Grid And Gutenberg Blocks vulnerabilities
8 known vulnerabilities affecting pickplugins/post_grid_and_gutenberg_blocks.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1UNKNOWN5
Vulnerabilities
Page 1 of 1
CVE-2025-68605MEDIUMCVSS 5.4≤ 2.3.232025-12-24
CVE-2025-68605 [MEDIUM] CWE-79 CVE-2025-68605: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
cvelistv5nvd
CVE-2025-66058UNKNOWN≤ 2.3.172025-12-18
CVE-2025-66058 CWE-862 CVE-2025-66058: Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows E
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
cvelistv5nvd
CVE-2025-63043UNKNOWN≤ 2.3.232025-12-18
CVE-2025-63043 CWE-639 CVE-2025-63043: Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenber
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
cvelistv5nvd
CVE-2025-62924HIGHCVSS 8.8≤ 2.3.172025-10-27
CVE-2025-62924 [HIGH] CWE-862 CVE-2025-62924: Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows E
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
cvelistv5nvd
CVE-2025-54007UNKNOWN≤ 2.3.112025-08-20
CVE-2025-54007 CWE-502 CVE-2025-54007: Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-g
Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.11.
cvelistv5nvd
CVE-2024-50432UNKNOWN≤ 2.2.932024-10-28
CVE-2024-50432 CWE-79 CVE-2024-50432: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Cross-Site Scripting (XSS).This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.2.93.
cvelistv5nvd
CVE-2024-47340UNKNOWN≤ 2.2.892024-10-06
CVE-2024-47340 CWE-79 CVE-2024-47340: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.2.89.
cvelistv5nvd
CVE-2024-8253HIGHCVSS 8.8≥ 2.2.87, ≤ 2.2.902024-09-11
CVE-2024-8253 [HIGH] CWE-266 CVE-2024-8253: The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their
cvelistv5nvd