{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3936", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-17T17:28:06.979Z", "datePublished": "2024-05-02T16:52:51.888Z", "dateUpdated": "2024-08-01T20:26:57.209Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-02T16:52:51.888Z"}, "affected": [{"vendor": "techlabpro1", "product": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "7.6.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with subscriber access or higher, to change the plugin's settings and invoke other functions hooked by AJAX actions."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/the-post-grid/trunk/app/Controllers/AjaxController.php#L130"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Pavel Palii"}], "timeline": [{"time": "2024-04-30T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3936", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-02T17:44:37.790013Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wordpress:post_grid_shortcode_gutenberg_blocks_elementor:-:*:*:*:*:*:*:*"], "vendor": "wordpress", "product": "post_grid_shortcode_gutenberg_blocks_elementor", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "7.6.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:42.954Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.209Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/the-post-grid/trunk/app/Controllers/AjaxController.php#L130", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/the-post-grid/trunk/app/Controllers/AjaxController.php#L130", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.209Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3936", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-02T17:44:37.790013Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wordpress:post_grid_shortcode_gutenberg_blocks_elementor:-:*:*:*:*:*:*:*"], "vendor": "wordpress", "product": "post_grid_shortcode_gutenberg_blocks_elementor", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "7.6.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T17:46:03.672Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Pavel Palii"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "techlabpro1", "product": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "7.6.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-30T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/the-post-grid/trunk/app/Controllers/AjaxController.php#L130"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with subscriber access or higher, to change the plugin's settings and invoke other functions hooked by AJAX actions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-02T16:52:51.888Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3936", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:26:57.209Z", "dateReserved": "2024-04-17T17:28:06.979Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-02T16:52:51.888Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with subscriber access or higher, to change the plugin's settings and invoke other functions hooked by AJAX actions."}, {"lang": "es", "value": "El complemento The Post Grid \u2013 Shortcode, Gutenberg Blocks y Elementor Addon para Post Grid para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n rtTPGSaveSettings en todas las versiones hasta la 7.6.1 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, cambien la configuraci\u00f3n del complemento e invoquen otras funciones enganchadas por acciones AJAX."}], "id": "CVE-2024-3936", "lastModified": "2024-11-21T09:30:44.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-02T17:15:32.583", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/the-post-grid/trunk/app/Controllers/AjaxController.php#L130"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/the-post-grid/trunk/app/Controllers/AjaxController.php#L130"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis"}

{}

{}