216.73.217.86

CVE-2024-3635

· Published 30/09/2024 06:15 · Modified 02/10/2024 14:30

Labels: CVE-2024-3635 2024-09-30CVE-2024-3635CWE-79[email protected]

Essential information

Published
30/09/2024 06:15
Modified
02/10/2024 14:30
Author
Creator
CVSS
4.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
radiustheme / the post grid cpe:2.3:a:radiustheme:the_post_grid:*:*:*:*:*:wordpress:*:*

References