Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Post Grid Combo – 36+ Gutenberg Blocks 2.2.64

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 15, 2023

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to a type of attack called Stored Cross-Site Scripting. This means that people with contributor access or higher can inject malicious code into pages on the website. Whenever somebody accesses an injected page, the malicious code runs, which can be used to steal information or damage the website. This vulnerability exists in all versions of the plugin up to version 2.2.64, due to a lack of safety measures.

Detected in:

Gutenberg Blocks, Page Builder – ComboBlocks fixed vulnerable versions:
Post Grid fixed vulnerable versions: >= * <= 2.2.64
Post Grid and Gutenberg Blocks fixed vulnerable versions:
Post Grid and Gutenberg Blocks – ComboBlocks fixed vulnerable versions:
Post Grid By PickPlugins fixed vulnerable versions:
Post Grid Combo – 36+ Gutenberg Blocks fixed vulnerable versions:
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks fixed vulnerable versions:
Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.