Unknown · The Post Grid – Shortcode · CVE-2024-3936
**Name of the Vulnerable Software and Affected Versions**
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.6.1
**Description**
The issue allows authenticated attackers with subscriber access or higher to modify the plugin's settings and invoke other functions hooked by AJAX actions due to a missing capability check on the `rtTPGSaveSettings` function.
**Recommendations**
For versions up to, and including, 7.6.1, update to a version that includes a fix for the missing capability check in the `rtTPGSaveSettings` function to prevent unauthorized modification of data.