PT-2024-24526 · WordPress · Essential Grid Gallery
1337_Wannabe +1 · Published 2024-04-10 · Updated 2024-04-10 · CVE-2024-3235
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The Essential Grid Gallery WordPress Plugin versions up to, and including, 3.1.1
Description
The issue allows unauthenticated attackers to view private and password-protected posts that may contain sensitive information. This is possible due to the on_front_ajax_action() function.
Recommendations
For versions up to, and including, 3.1.1, update to a version later than 3.1.1 to resolve the issue. As a temporary workaround, consider disabling the on_front_ajax_action() function until a patch is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Essential Grid Gallery