Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Post Grid Combo 2.0.12

  • Severity: critical
  • Status: Fixed
  • Publication: November 8, 2016

The Post Grid plugin for WordPress is vulnerable to a security issue in which unauthenticated attackers can delete files. This vulnerability affects versions of the plugin up to and including 2.0.12. The problem is that the plugin does not properly verify user input, which allows the attackers to delete files.

Detected in:

Gutenberg Blocks, Page Builder – ComboBlocks fixed vulnerable versions:
Post Grid fixed vulnerable versions: >= * <= 2.0.12
Post Grid and Gutenberg Blocks fixed vulnerable versions:
Post Grid and Gutenberg Blocks – ComboBlocks fixed vulnerable versions:
Post Grid By PickPlugins fixed vulnerable versions:
Post Grid Combo – 36+ Blocks for Gutenberg fixed vulnerable versions:
Post Grid Combo – 36+ Gutenberg Blocks fixed vulnerable versions:
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks fixed vulnerable versions:
Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.