GCVE - cpe:2.3:a:radiustheme:the_post_grid:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:radiustheme:the_post_grid:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Radiustheme (`0725c1b0-e09b-5bd8-8b3b-7e2c6e70aedf`)
Product	The Post Grid (`f0b139ec-7c7d-5544-9907-f740cdc89e0d`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-7418`	vulnerable	2026-06-03 14:58:05.859561	The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure MEDIUM (4.3) The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..). Published: 2024-08-29T03:52:58.022Z Updated: 2026-04-08T17:28:11.393Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-3635`	vulnerable	2026-06-03 14:56:31.538956	The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: 2024-09-30T06:00:05.591Z Updated: 2024-09-30T20:22:55.127Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/63cbe5f4-fe0f-499f-a964-cf4fbedcfa25/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37481`	vulnerable	2026-06-03 14:56:06.757170	WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability MEDIUM (6.5) Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4. Published: 2024-11-01T14:18:16.222Z Updated: 2026-04-28T16:09:59.765Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/the-post-grid/vulnerability/wordpress-the-post-grid-plugin-7-7-4-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35739`	vulnerable	2026-06-03 14:56:02.921487	WordPress The Post Grid plugin <= 7.7.1 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.1. Published: 2024-06-08T12:42:20.044Z Updated: 2026-04-28T16:09:54.302Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/the-post-grid/vulnerability/wordpress-the-post-grid-plugin-7-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1427`	vulnerable	2026-06-03 14:54:26.892515	The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag MEDIUM (6.4) The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-07-02T05:32:56.061Z Updated: 2026-04-08T17:34:47.515Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/fc870ce5-1352-43f2-b80b-45065ceed750?source=cve https://plugins.trac.wordpress.org/browser/the-post-grid/tags/7.4.2/app/Helpers/Fns.php#L1051 https://plugins.trac.wordpress.org/changeset/3080313/#file347	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-39923`	vulnerable	2026-06-03 14:52:39.509818	WordPress The Post Grid Plugin <= 7.2.7 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (5.4) Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. Published: 2023-10-03T11:05:28.232Z Updated: 2026-04-28T16:08:34.915Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-plugin-7-2-7-cross-site-request-forgery-csrf-leading-to-css-change-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-46853`	vulnerable	2026-06-03 14:48:26.699827	WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. Published: 2023-05-23T13:12:13.768Z Updated: 2026-04-28T16:07:55.080Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-plugin-5-0-4-cross-site-request-forgery-csrf?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.