Vulnerabilities > Pickplugins > Post Grid > 2.1.20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-28 | CVE-2024-13796 | Information Exposure vulnerability in Pickplugins Post Grid The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data. | 7.5 |
| 2024-06-07 | CVE-2024-1988 | Cross-site Scripting vulnerability in Pickplugins Post Grid The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. | 5.4 |