Plugin Vulnerability Hub
Plugin | 6 known issues | Latest disclosed: Jan 27, 2025

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Vulnerabilities

Review known vulnerability records for the WordPress plugin Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget (`post-grid-carousel-ultimate`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-24782, CVE-2024-13409 and CVE-2024-13408, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 6
High or Critical: 4
Patch Coverage: 100%
Last Updated: Feb 03, 2025

Priority CVE Quick Links

Fast paths into Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 6

CVE-2025-24782 | Severity: High | Patched in: 1.7
CVE-2025-24782 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Local File Inclusion

Post Grid, Slider & Carousel Ultimate <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

CVE-2024-2006 | Severity: High | Patched in: 1.6.8
CVE-2024-2006 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Vulnerability

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup

CVE-2024-13409 | Severity: High | Patched in: 1.7
CVE-2024-13409 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Local File Inclusion

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()

CVE-2024-13408 | Severity: High | Patched in: 1.7
CVE-2024-13408 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Local File Inclusion

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

CVE-2024-29925 | Severity: Medium | Patched in: 1.6.7
CVE-2024-29925 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Stored Cross-Site Scripting

Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2022-1266 | Severity: Medium | Patched in: 1.5.0
CVE-2022-1266 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget Cross-Site Scripting

Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 4 high severity findings.
Recent CVEs: CVE-2025-24782, CVE-2024-13409 and CVE-2024-13408
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2024-13409 | Severity: High | Patch path listed

CVE-2024-13409: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including...

Published: Jan 23, 2025
Patch Status: 1.7

Known Vulnerabilities

Reports for Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: High | Patched: Yes | CVE-2025-24782
CVE-2025-24782: Post Grid, Slider & Carousel Ultimate <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.6.10. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on th...

Published: Jan 27, 2025
Patched Release: 1.7
Affected Versions: Versions up to 1.6.10
Next Step: Update to 1.7 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-13409
CVE-2024-13409: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it...

Published: Jan 23, 2025
Patched Release: 1.7
Affected Versions: Versions up to 1.6.10
Next Step: Update to 1.7 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-13408
CVE-2024-13408: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for aut...

Published: Jan 23, 2025
Patched Release: 1.7
Affected Versions: Versions up to 1.6.10
Next Step: Update to 1.7 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-29925
CVE-2024-29925: Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

Published: Mar 25, 2024
Patched Release: 1.6.7
Affected Versions: Versions up to 1.6.6
Next Step: Update to 1.6.7 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-2006
CVE-2024-2006: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup fun...

Published: Mar 05, 2024
Patched Release: 1.6.8
Affected Versions: Versions up to 1.6.7
Next Step: Update to 1.6.8 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2022-1266
CVE-2022-1266: Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting

The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Published: May 26, 2022
Patched Release: 1.5.0
Affected Versions: Versions before 1.5.0
Next Step: Update to 1.5.0 or newer if supported.