CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3235 – Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
https://notcve.org/view.php?id=CVE-2024-3235
09 Apr 2024 — The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information. El complemento Essential Grid Gallery de WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.1.1 incluida a través de ... • https://codecanyon.net/item/essential-grid-wordpress-plugin/7563340 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47684 – WordPress Essential Grid Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47684
09 Nov 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento ThemePunch OHG Essential Grid en versiones <= 3.1.0. The Essential Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject... • https://patchstack.com/database/vulnerability/essential-grid/wordpress-essential-grid-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •