Vulnerabilities > Pickplugins > Post Grid > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-24 | CVE-2024-13408 | Unspecified vulnerability in Pickplugins Post Grid The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. | 8.8 |
| 2024-10-16 | CVE-2021-4450 | SQL Injection vulnerability in Pickplugins Post Grid The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
| 2024-09-11 | CVE-2024-8253 | Unspecified vulnerability in Pickplugins Post Grid The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. | 8.8 |
| 2021-01-01 | CVE-2020-35939 | Deserialization of Untrusted Data vulnerability in Pickplugins Post Grid and Team Showcase PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. | 8.8 |
| 2021-01-01 | CVE-2020-35938 | Deserialization of Untrusted Data vulnerability in Pickplugins Post Grid and Team Showcase PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. | 8.8 |
| 2021-01-01 | CVE-2020-35937 | Cross-site Scripting vulnerability in Pickplugins Post Grid and Team Showcase Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. | 8.0 |
| 2021-01-01 | CVE-2020-35936 | Cross-site Scripting vulnerability in Pickplugins Post Grid and Team Showcase Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. | 8.0 |