cleantalk
Vulnerabilities and Security Researches

Post Grid, Post Carousel, & List Category Posts – by Smart Post Show, CVE-2024-3996

CVE, Research URL

CVE-2024-3996

Home page URL

Security reports for Post Grid, Post Carousel, & List Category Posts – by Smart Post Show

Application

Post Grid, Post Carousel, & List Category Posts – by Smart Post Show

Published on
May 16, 2025
Research Description
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
max 2.4.28.
Status
vulnerable
Previous vulnerability researches
Multi Post Carousel by Category (CVE-2026-1275) , Apr 13, 2026
Post Carousel Divi (CVE-2022-4974) , Nov 15, 2024
Post Carousel Divi (9a49090552d6bf0056b51d4d41b6c1c13e395cd9) , Jun 07, 2024
Custom Post Carousels with Owl (CVE-2023-51493) , Jun 07, 2024
Custom Post Carousels with Owl (CVE-2025-5125) , Jul 12, 2025
New vulnerability
Head Meta Data (CVE-2026-0608) , Apr 15, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-0554) , Apr 15, 2026
Download Manager (CVE-2026-1666) , Apr 15, 2026
Post Duplicator (CVE-2026-2301) , Apr 15, 2026
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce (CVE-2026-1722) , Apr 15, 2026