CVE-2024-3635: The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation
First published: Mon Sep 30 2024(Updated: )
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Radiustheme The Post Grid | <7.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-3635?
CVE-2024-3635 has a high severity rating due to its potential for Stored Cross-Site Scripting attacks.
How do I fix CVE-2024-3635?
To fix CVE-2024-3635, update the Post Grid WordPress plugin to version 7.5.0 or later.
What are the consequences of CVE-2024-3635?
The consequences of CVE-2024-3635 include unauthorized access to user accounts and compromise of sensitive information via Stored Cross-Site Scripting.
Who is affected by CVE-2024-3635?
CVE-2024-3635 affects users of the Post Grid WordPress plugin prior to version 7.5.0, particularly those with high privilege roles like Editor and above.
Is CVE-2024-3635 remotely exploitable?
Yes, CVE-2024-3635 can be exploited remotely by high privilege users to execute malicious scripts.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/radiustheme
- canonical/radiustheme the post grid