CVE-2024-3635
Published 2024-09-30
Priority P4 · 18 · medium · 4.8 CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.29% (20.3th percentile)
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| radiustheme | the_post_grid | < 7.5.0 | 7.5.0 |
CVSS provenance
nvd · v3.1 · 4.8 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vendor_oracle · 7.5 · MEDIUM
GHSA
GHSA-v46p-p3v7-38cg: The Post Grid WordPress plugin before 7
ghsa_unreviewed·2024-09-30
CVE-2024-3635 [MEDIUM] CWE-79 GHSA-v46p-p3v7-38cg: The Post Grid WordPress plugin before 7
Oracle
Oracle Oracle Communications Risk Matrix: Signaling (Okio) — CVE-2023-3635
vendor_oracle·2024-10-15·CVSS 7.5
CVE-2023-3635 [MEDIUM] Oracle Oracle Communications Risk Matrix: Signaling (Okio) — CVE-2023-3635
Oracle Oracle Communications Risk Matrix: Signaling (Okio) vulnerability
CVE: CVE-2023-3635
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2024 (OCT 2024)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Okio) — CVE-2023-3635
vendor_oracle·2024-04-15·CVSS 7.5
CVE-2023-3635 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Okio) — CVE-2023-3635
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Okio) vulnerability
CVE: CVE-2023-3635
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2024 (APR 2024)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Okio) — CVE-2023-3635
vendor_oracle·2024-01-15·CVSS 7.5
CVE-2023-3635 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Okio) — CVE-2023-3635
Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Okio) vulnerability
CVE: CVE-2023-3635
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.