Post Grid

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Post Grid

Information

Software Type Plugin
Software Slug post-grid (view on wordpress.org)
Software Status Active
Software Author pickplugins
Software Website pickplugins.com
Software Downloads 3,454,952
Software Active Installs 30,000
Software Record Last Updated June 17, 2026

Showing 1-20 of 29 Vulnerabilities

Submit a Vulnerability
Post Grid and Gutenberg Blocks <= 2.3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-68605
Dec 21, 2025
Researcher: Muhammad Yudha - DJ
Post Grid and Gutenberg Blocks <= 2.3.19 - Unauthenticated Insecure Direct Object Reference
5.3
CVE-2025-63043
Dec 3, 2025
Researcher: Doan Dinh Van (DinhVan52)
Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization
4.3
CVE-2025-66058
Oct 4, 2025
Researcher: Abu Hurayra (HurayraIIT)
Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization
4.3
CVE-2025-62924
Oct 4, 2025
Researcher: Abu Hurayra (HurayraIIT)
Post Grid and Gutenberg Blocks <= 2.3.11 - Authenticated (Contributor+) PHP Object Injection
8.8
CVE-2025-54007
Aug 6, 2025
Researcher: Ananda Dhakal
Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure
5.3
CVE-2024-13796
Feb 27, 2025
Researcher: wesley (wcraft)
Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation
5.3
CVE-2024-13798
Feb 21, 2025
Researcher: wesley (wcraft)
Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation
9.8
CVE-2024-9636
Jan 14, 2025
Researcher: wesley (wcraft)
Post Grid and Gutenberg Blocks <= 2.2.92 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-9645
Jan 14, 2025
Researcher: Dmitrii Ignatyev
Post Grid and Gutenberg Blocks <= 2.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-50432
Oct 24, 2024
Researcher: João Pedro Soares de Alcântara
Post Grid and Gutenberg Blocks <= 2.2.89 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-47340
Sep 27, 2024
Researcher: João Pedro Soares de Alcântara
Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-2024-8253
Sep 10, 2024
Researcher: wesley (wcraft)
Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
6.4
CVE-2024-7588
Aug 13, 2024
Researcher: lowol
ComboBlocks <= 2.2.86 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-43155
Aug 7, 2024
Researcher: João G. Barbosa (4rCanJ0x!)
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget
6.4
CVE-2024-6346
Jul 31, 2024
Researcher: Webbernaut
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute
6.4
CVE-2024-4042
Jun 6, 2024
Researcher: stealthcopter
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1988
Jun 6, 2024
Researcher: Ngô Thiên An (ancorn_)
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-3155
May 20, 2024
Researcher: João Pedro Soares de Alcântara
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.78 - Unauthenticated Sensitive Information Exposure
5.3
CVE-2024-32816
Apr 22, 2024
Researcher: Peng Zhou
Post Grid <= 2.2.74 - Reflected Cross-Site Scripting
6.1
CVE-2024-30441
Mar 28, 2024
Researcher: Rafie Muhammad
Title Status CVE ID CVSS Researchers Date
Post Grid and Gutenberg Blocks <= 2.3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting Unpatched CVE-2025-68605 6.4 Muhammad Yudha - DJ December 21, 2025
Post Grid and Gutenberg Blocks <= 2.3.19 - Unauthenticated Insecure Direct Object Reference Unpatched CVE-2025-63043 5.3 Doan Dinh Van (DinhVan52) December 3, 2025
Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization Patched CVE-2025-66058 4.3 Abu Hurayra (HurayraIIT) October 4, 2025
Post Grid and Gutenberg Blocks <= 2.3.17 - Missing Authorization Patched CVE-2025-62924 4.3 Abu Hurayra (HurayraIIT) October 4, 2025
Post Grid and Gutenberg Blocks <= 2.3.11 - Authenticated (Contributor+) PHP Object Injection Patched CVE-2025-54007 8.8 Ananda Dhakal August 6, 2025
Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure Patched CVE-2024-13796 5.3 wesley (wcraft) February 27, 2025
Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation Patched CVE-2024-13798 5.3 wesley (wcraft) February 21, 2025
Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation Patched CVE-2024-9636 9.8 wesley (wcraft) January 14, 2025
Post Grid and Gutenberg Blocks <= 2.2.92 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-9645 6.4 Dmitrii Ignatyev January 14, 2025
Post Grid and Gutenberg Blocks <= 2.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-50432 6.4 João Pedro Soares de Alcântara October 24, 2024
Post Grid and Gutenberg Blocks <= 2.2.89 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-47340 6.4 João Pedro Soares de Alcântara September 27, 2024
Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation Patched CVE-2024-8253 8.8 wesley (wcraft) September 10, 2024
Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block Patched CVE-2024-7588 6.4 lowol August 13, 2024
ComboBlocks <= 2.2.86 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-43155 6.4 João G. Barbosa (4rCanJ0x!) August 7, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget Patched CVE-2024-6346 6.4 Webbernaut July 31, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute Patched CVE-2024-4042 6.4 stealthcopter June 6, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-1988 6.4 Ngô Thiên An (ancorn_) June 6, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-3155 6.4 João Pedro Soares de Alcântara May 20, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.78 - Unauthenticated Sensitive Information Exposure Patched CVE-2024-32816 5.3 Peng Zhou April 22, 2024
Post Grid <= 2.2.74 - Reflected Cross-Site Scripting Patched CVE-2024-30441 6.1 Rafie Muhammad March 28, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation