Post Grid Master
Approved changes feed: RSS · Atom
cpe:2.3:a:addonmaster:post_grid_master:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Addonmaster (81aa4dd5-adf5-57c5-b9b6-284670434889) |
|---|---|
| Product | Post Grid Master (5dda162b-a3d7-577e-8ec4-6c97c549edfd) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-5084 |
vulnerable | 2026-06-03 15:06:26.958109 |
Post Grid Master <= 3.4.13 - Reflected Cross-Site Scripting via argsArray['read_more_text']
MEDIUM (6.1)
The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2025-07-24T09:22:15.279Z
Updated: 2026-04-08T16:34:07.683Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30974 |
vulnerable | 2026-06-03 15:00:29.942185 |
WordPress Post Grid Master plugin <= 3.4.17 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Master: from n/a through <= 3.4.17.
Published: 2025-06-06T12:54:07.807Z
Updated: 2026-04-28T16:12:02.771Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24733 |
vulnerable | 2026-06-03 14:59:56.765459 |
WordPress Post Grid Master plugin <= 3.4.12 - Local File Inclusion vulnerability
MEDIUM (6.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows PHP Local File Inclusion.This issue affects Post Grid Master: from n/a through <= 3.4.12.
Published: 2025-01-24T17:25:17.309Z
Updated: 2026-04-28T16:11:33.236Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43156 |
vulnerable | 2026-06-03 14:56:44.607524 |
WordPress Post Grid Master plugin <= 3.4.10 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10.
Published: 2024-08-12T22:03:12.013Z
Updated: 2026-04-28T16:10:09.370Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34390 |
vulnerable | 2026-06-03 14:55:53.986024 |
WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8.
Published: 2024-05-06T18:21:56.842Z
Updated: 2026-04-28T16:09:48.272Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34372 |
vulnerable | 2026-06-03 14:55:53.948452 |
WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7.
Published: 2024-05-06T18:59:58.715Z
Updated: 2026-04-28T16:09:47.928Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11642 |
vulnerable | 2026-06-03 14:54:14.541186 |
Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion
CRITICAL (9.8)
The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The file included must have a .php extension.
Published: 2025-01-09T11:11:03.716Z
Updated: 2026-04-08T17:16:27.991Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.