CVE-2024-7418

CVSS V2 None CVSS V3 None
Description
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..).
Overview
  • CVE ID
  • CVE-2024-7418
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-08-29T03:52:58.022Z
  • Last Modified Date
  • 2024-08-29T03:52:58.022Z
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
References
Reference URL Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php
https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-7418
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7418
History
Created Old Value New Value Data Type Notes
2024-08-29 13:04:30 Added to TrackCVE