CVE-2024-1427
Published: 2024-07-02
Priority: P4 · 23 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.34% (26.0th percentile)
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| radiustheme | the_post_grid | < 7.7.2 | 7.7.2 |
Suricata
ET EXPLOIT Possible Elasticsearch CVE-2015-1427 Exploit Campaign SSL Certificate
suricata · 2015-06-26 · CVSS 9.8 · CVE-2015-1427 [CRITICAL]
Rule: alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Elasticsearch CVE-2015-1427 Exploit Campaign SSL Certificate"; flow:established,to_client; tls.cert_subject; content:"ST="; distance:0; content:"hacked"; content:"|01 09 01|"; distance:0; content:"[email protected]"; reference:url,blog.malwaremustdie.org/2015/06/mmd-0034-2015-new-elf.html; classtype:trojan-activity; sid:2021351; rev:4; metadata:attack_target Client_Endpoint, created_at 2015_06_26, cve CVE_2015_1427, deployment Perimeter, confidence Medium, signature_severity Major, tag SSL_Malicious_Cert, tag CISA_KEV, updated_at 2024_04_12;)
No public exploits indexed.
No writeups or analysis indexed.
References
https://plugins.trac.wordpress.org/browser/the-post-grid/tags/7.4.2/app/Helpers/Fns.php#L1051
https://plugins.trac.wordpress.org/changeset/3080313/#file347
https://www.wordfence.com/threat-intel/vulnerabilities/id/fc870ce5-1352-43f2-b80b-45065ceed750?source=cve