{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7418", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-08-02T13:23:53.678Z", "datePublished": "2024-08-29T03:52:58.022Z", "dateUpdated": "2024-08-29T14:07:48.890Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-08-29T03:52:58.022Z"}, "affected": [{"vendor": "techlabpro1", "product": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "7.7.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..)."}], "title": "The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Information Exposure", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "timeline": [{"time": "2024-08-28T15:35:37.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T14:07:36.521276Z", "id": "CVE-2024-7418", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:07:48.890Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7418", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-29T14:07:36.521276Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:07:43.355Z"}}], "cna": {"title": "The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure", "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "techlabpro1", "product": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "7.7.11"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-08-28T15:35:37.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php"}], "descriptions": [{"lang": "en", "value": "The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Information Exposure"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-08-29T03:52:58.022Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7418", "state": "PUBLISHED", "dateUpdated": "2024-08-29T14:07:48.890Z", "dateReserved": "2024-08-02T13:23:53.678Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-08-29T03:52:58.022Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:radiustheme:the_post_grid:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "62402BF9-06D7-45C4-A8AF-039E9527790C", "versionEndExcluding": "7.7.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..)."}, {"lang": "es", "value": "El complemento The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 7.7.11 incluida a trav\u00e9s de las funciones post_query_guten y post_query. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan informaci\u00f3n de publicaciones que no son p\u00fablicas (es decir, borradores, futuras, etc.)."}], "id": "CVE-2024-7418", "lastModified": "2024-10-04T16:01:06.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-08-29T11:15:28.540", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{}