cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forpost-grid-carousel-ultimate post-grid-carousel-ultimate

Direction: ascending
Jun 06, 2024

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget # CVE-2022-1266

CVE, Research URL

CVE-2022-1266

Home page URL

Security reports for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Application

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Date
Jun 20, 2022
Research Description
The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions
Min -, max -.
Status
vulnerable

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget # CVE-2024-29925

CVE, Research URL

CVE-2024-29925

Home page URL

Security reports for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Application

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Date
Mar 27, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6.
Affected versions
Min -, max -.
Status
vulnerable

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget # CVE-2024-2006

CVE, Research URL

CVE-2024-2006

Home page URL

Security reports for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Application

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Date
Mar 13, 2024
Research Description
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
Min -, max -.
Status
vulnerable
Jan 26, 2025

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget # CVE-2024-13408

CVE, Research URL

CVE-2024-13408

Home page URL

Security reports for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Application

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Date
Jan 24, 2025
Research Description
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.
Affected versions
Min -, max -.
Status
vulnerable

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget # CVE-2024-13409

CVE, Research URL

CVE-2024-13409

Home page URL

Security reports for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Application

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Date
Jan 24, 2025
Research Description
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected versions
Min -, max -.
Status
vulnerable
Jan 29, 2025

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget # CVE-2025-24782

CVE, Research URL

CVE-2025-24782

Home page URL

Security reports for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Application

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Date
Jan 27, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10.
Affected versions
Min -, max -.
Status
vulnerable