CVE-2024-3235
Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
Vexday Risk Score
13 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3 | EPSS 0.7% | KEV no | PoC — | Nuclei — | Metasploit — | Patch —
Lifecycle
10 Apr 2024: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Essential Grid Gallery WordPress Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password-protected posts that may contain private or sensitive information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
ThemePunch · Essential Grid Gallery WordPress Plugin