cleantalk
Vulnerabilities and Security Researches

Post Grid, Post Carousel, & List Category Posts – by Smart Post Show, 98e123ac1a86723d620a2b959e6ecfa13513b410

CVE, Research URL

98e123ac1a86723d620a2b959e6ecfa13513b410

Home page URL

Security reports for Post Grid, Post Carousel, & List Category Posts – by Smart Post Show

Application

Post Grid, Post Carousel, & List Category Posts – by Smart Post Show

Published on
Aug 16, 2021
Research Description
Smart Post Show – Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More [post-carousel] < 2.3.5 Post Carousel < 2.3.5 - Missing Capabilities Check The Post Carousel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on multiple functions in versions up to, and including, 2.3.4. This makes it possible for attackers to improperly access administrative actions.
Affected versions
max 2.3.5.
Status
vulnerable
Previous vulnerability researches
Multi Post Carousel by Category (CVE-2026-1275) , Apr 13, 2026
Post Carousel Divi (CVE-2022-4974) , Nov 15, 2024
Post Carousel Divi (9a49090552d6bf0056b51d4d41b6c1c13e395cd9) , Jun 07, 2024
Custom Post Carousels with Owl (CVE-2023-51493) , Jun 07, 2024
Custom Post Carousels with Owl (CVE-2025-5125) , Jul 12, 2025
New vulnerability
Head Meta Data (CVE-2026-0608) , Apr 15, 2026
NotificationX &#8211; Best FOMO, Social Proof, WooCommerce Sales Popup &amp; Notification Bar Plugin With Elementor (CVE-2026-0554) , Apr 15, 2026
Download Manager (CVE-2026-1666) , Apr 15, 2026
Post Duplicator (CVE-2026-2301) , Apr 15, 2026
WCFM Marketplace &#8211; Best Multivendor Marketplace for WooCommerce (CVE-2026-1722) , Apr 15, 2026