Product:

Post_grid\,_slider_\&_carousel_ultimate

(Wpwax)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2024-03-13 CVE-2024-2006 The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system,... Post_grid\,_slider_\&_carousel_ultimate 8.8
2024-03-27 CVE-2024-29925 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6. Post_grid\,_slider_\&_carousel_ultimate 5.4
2025-01-24 CVE-2024-13409 The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass... Post_grid\,_slider_\&_carousel_ultimate 8.8
2022-06-20 CVE-2022-1266 The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Post_grid\,_slider_\&_carousel_ultimate 4.8