cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2023-3992

CVE, Research URL

CVE-2023-3992

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Aug 30, 2023
Research Description
The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
max 3.0.6.
Status
vulnerable
Previous vulnerability researches
WP Ultimate Post Grid (CVE-2024-9051) , Oct 12, 2024
WP Ultimate Post Grid (CVE-2024-4043) , Jun 06, 2024
Ultimate Posts Widget (CVE-2024-0561) , Jun 07, 2024
Ultimate Posts Widget (CVE-2023-38514) , Mar 21, 2025
Ultimate Posts Widget (CVE-2023-0958) , Jun 07, 2024
New vulnerability
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-1927) , Apr 15, 2026