CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3235 – Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
https://notcve.org/view.php?id=CVE-2024-3235
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information. El complemento Essential Grid Gallery de WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.1.1 incluida a través de la función on_front_ajax_action(). Esto hace posible que atacantes no autenticados vean publicaciones privadas y protegidas con contraseña que pueden contener información privada o confidencial. • https://codecanyon.net/item/essential-grid-wordpress-plugin/7563340 https://www.wordfence.com/threat-intel/vulnerabilities/id/adadac1e-3d92-41a5-90d4-b2028c8c40c0?source=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47684 – WordPress Essential Grid Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47684
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento ThemePunch OHG Essential Grid en versiones <= 3.1.0. The Essential Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/essential-grid/wordpress-essential-grid-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •