CVE-2024-50432 MEDIUM

CVE-2024-50432: WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability

Vendor Pickplugins

Product Post Grid and Gutenberg Blocks

Weakness CWE-79 · XSS

Published October 28, 2024

Last update May 11, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Cross-Site Scripting (XSS).This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.2.93.

Key dates

02Disclosure timeline

October 28, 2024 CVE published

May 11, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-50432 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-13497 Recras WordPress plugin <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute CVE-2026-0914 WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode CVE-2023-3822 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore CVE-2025-11308 Vanderlande Baggage 360 messages cross site scripting CVE-2025-3435 MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer