cleantalk
Vulnerabilities and Security Researches

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, CVE-2024-4305

CVE, Research URL

CVE-2024-4305

Home page URL

Security reports for Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Application

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Published on
Jun 17, 2024
Research Description
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
max 4.1.0.
Status
vulnerable
Previous vulnerability researches
WP Ultimate Post Grid (CVE-2024-9051) , Oct 12, 2024
WP Ultimate Post Grid (CVE-2024-4043) , Jun 06, 2024
Ultimate Posts Widget (CVE-2024-0561) , Jun 07, 2024
Ultimate Posts Widget (CVE-2023-38514) , Mar 21, 2025
Ultimate Posts Widget (CVE-2023-0958) , Jun 07, 2024
New vulnerability
AM Events (CVE-2025-69006) , Jan 11, 2026
Master Addons for Elementor (CVE-2025-63053) , Jan 11, 2026
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2025-13367) , Jan 11, 2026
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2025-14998) , Jan 11, 2026
WPBulky – WordPress Bulk Edit Post Types (CVE-2025-68550) , Jan 11, 2026