Plugin icon

Post Grid

post-grid

Vulnerabilities:

30

Last Updated:

January 13, 2026

Active Installs:

30000

Published
Title
Fixed in
CVSS
Published
2025-12-21
Title
Post Grid and Gutenberg Blocks <= 2.3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
No known fix
CVSS
5.5 (medium)
Published
2025-12-03
Title
Post Grid and Gutenberg Blocks <= 2.3.19 - Unauthenticated Insecure Direct Object Reference
Fixed in
No known fix
CVSS
5.3 (medium)
Published
2025-10-04
Title
Post Grid and Gutenberg Blocks < 2.3.18 - Missing Authorization
Fixed in
Fixed in 2.3.18
CVSS
4.3 (medium)
Published
2025-10-04
Title
Post Grid and Gutenberg Blocks < 2.3.18 - Missing Authorization
Fixed in
Fixed in 2.3.18
CVSS
4.3 (medium)
Published
2025-08-06
Title
Post Grid and Gutenberg Blocks < 2.3.12 - Authenticated (Contributor+) PHP Object Injection
Fixed in
Fixed in 2.3.12
CVSS
8.8 (high)
Published
2025-02-27
Title
Post Grid and Gutenberg Blocks – ComboBlocks < 2.3.7 - Unauthenticated User Information Exposure
Fixed in
Fixed in 2.3.7
CVSS
5.3 (medium)
Published
2025-02-21
Title
Post Grid and Gutenberg Blocks < 2.3.6 - Unauthenticated Paid Order Creation
Fixed in
Fixed in 2.3.6
CVSS
5.3 (medium)
Published
2025-01-14
Title
Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation
Fixed in
Fixed in 2.3.4
CVSS
9.8 (critical)
Published
2024-10-24
Title
Post Grid and Gutenberg Blocks < 2.2.94 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.2.94
CVSS
6.4 (medium)
Published
2024-09-27
Title
Post Grid and Gutenberg Blocks < 2.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.2.90
CVSS
6.4 (medium)
Published
2024-09-10
Title
Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Subscriber+ Privilege Escalation
Fixed in
Fixed in 2.2.91
CVSS
8.8 (high)
Published
2024-09-09
Title
Post Grid and Gutenberg Blocks < 2.2.93 - Contributor+ Stored XSS
Fixed in
Fixed in 2.2.93
CVSS
6.8 (medium)
Published
2024-08-13
Title
Gutenberg Blocks, Page Builder – ComboBlocks < 2.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
Fixed in
Fixed in 2.2.88
CVSS
6.4 (medium)
Published
2024-08-07
Title
ComboBlocks < 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.2.87
CVSS
6.4 (medium)
Published
2024-07-31
Title
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.86 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget
Fixed in
Fixed in 2.2.86
CVSS
6.4 (medium)
Published
2024-06-06
Title
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute
Fixed in
Fixed in 2.2.81
CVSS
6.4 (medium)
Published
2024-06-06
Title
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.2.81
CVSS
6.4 (medium)
Published
2024-05-20
Title
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.2.81
CVSS
6.4 (medium)
Published
2024-04-22
Title
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.79 - Unauthenticated Sensitive Information Exposure
Fixed in
Fixed in 2.2.79
CVSS
5.3 (medium)
Published
2024-03-28
Title
Post Grid < 2.2.76 - Reflected Cross-Site Scripting
Fixed in
Fixed in 2.2.76
CVSS
6.1 (medium)
Published
2024-03-19
Title
Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
Fixed in
Fixed in 2.2.76
CVSS
5.3 (medium)
Published
2024-03-12
Title
Post Grid Combo – 36+ Gutenberg Blocks < 2.2.69 - Information Exposure via get_posts API Endpoint
Fixed in
Fixed in 2.2.69
CVSS
7.5 (high)
Published
2023-12-15
Title
Post Grid Combo – 36+ Gutenberg Blocks < 2.2.65 - Authenticated (Contributor+) Cross-Site Scripting
Fixed in
Fixed in 2.2.65
CVSS
6.4 (medium)
Published
2022-03-15
Title
Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword
Fixed in
Fixed in 2.1.16
CVSS
4.7 (medium)
Published
2022-03-15
Title
Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types
Fixed in
Fixed in 2.1.16
CVSS
6.1 (medium)
Published
2021-12-15
Title
Post Grid < 2.1.13 - Contributor+ SQL Injection
Fixed in
Fixed in 2.1.13
CVSS
6.8 (medium)
Published
2021-06-28
Title
Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.1.8
CVSS
7.1 (high)
Published
2020-10-05
Title
Post Grid < 2.0.73 & Team Showcase < 1.22.16 - PHP Object Injection
Fixed in
Fixed in 2.0.73
CVSS
7.5 (high)
Published
2020-10-05
Title
Post Grid < 2.0.73 & Team Showcase < 1.22.16 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.0.73
CVSS
7.5 (high)
Published
2016-11-08
Title
Post Grid <= 2.0.12 - Unauthenticated Arbitrary File Deletion
Fixed in
Fixed in 2.0.13
CVSS
n/a