cleantalk
Vulnerabilities and Security Researches

Post Grid, Post Carousel, & List Category Posts – by Smart Post Show, CVE-2023-0097

CVE, Research URL

CVE-2023-0097

Home page URL

Security reports for Post Grid, Post Carousel, & List Category Posts – by Smart Post Show

Application

Post Grid, Post Carousel, & List Category Posts – by Smart Post Show

Published on
Jan 31, 2023
Research Description
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
max 2.3.5.
Status
vulnerable
Previous vulnerability researches
Multi Post Carousel by Category (CVE-2026-1275) , Apr 13, 2026
Post Carousel Divi (CVE-2022-4974) , Nov 15, 2024
Post Carousel Divi (9a49090552d6bf0056b51d4d41b6c1c13e395cd9) , Jun 07, 2024
Custom Post Carousels with Owl (CVE-2023-51493) , Jun 07, 2024
Custom Post Carousels with Owl (CVE-2025-5125) , Jul 12, 2025
New vulnerability
Head Meta Data (CVE-2026-0608) , Apr 15, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-0554) , Apr 15, 2026
Download Manager (CVE-2026-1666) , Apr 15, 2026
Post Duplicator (CVE-2026-2301) , Apr 15, 2026
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce (CVE-2026-1722) , Apr 15, 2026