CVE-2024-7418

Name of the Vulnerable Software and Affected Versions The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress versions up to, and including, 7.7.11

Description The issue allows authenticated attackers with contributor-level access and above to extract information from non-public posts, such as drafts and future posts, via the post query guten and post query functions. This makes it possible for attackers to access sensitive information.

Recommendations For versions up to, and including, 7.7.11, update to a version higher than 7.7.11 to mitigate the risk of sensitive information exposure. As a temporary workaround, consider restricting access to the post query guten and post query functions until a patch is available. Additionally, restrict contributor-level access and above to minimize the risk of exploitation.