CVE-2024-3235
Description
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Essential Grid Gallery WordPress Plugin up to 3.1.1 exposes private and password-protected posts to unauthenticated attackers via the on_front_ajax_action() function.
The Essential Grid Gallery WordPress Plugin in versions up to and including 3.1.1 contains a vulnerability in the on_front_ajax_action() function that leads to Sensitive Information Exposure. The function does not properly check user permissions, allowing unauthenticated attackers to access private or password-protected posts through a crafted AJAX request [1].
This vulnerability requires no authentication and can be exploited remotely by sending specially crafted AJAX requests to the vulnerable endpoint. The attack surface is significant because the plugin is widely used for creating dynamic grid galleries, and the function is designed for front-end AJAX operations, making it directly reachable by visitors [1].
An attacker who successfully exploits this vulnerability can view the content of any private or password-protected post on the WordPress site. This may include draft posts, private pages, or any content intended to be restricted, potentially exposing sensitive information [1].
The vendor released version 3.1.2 on 29th April 2023, which fixes this vulnerability by properly implementing permission checks in the on_front_ajax_action() function [1]. Users should update immediately; users on versions 3.1.1 or earlier remain vulnerable.
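The narrative above describes the failure pattern (a front-end AJAX handler that returns post content without checking whether the caller may read that post) and the fix (proper permission checks). The PHP below is an added illustration written for this page, not code from the Essential Grid plugin or its vendor; the action name `demo_grid_get_post`, the `post_id` parameter and both handler functions are hypothetical. The unchecked handler shows the class of defect; the hardened handler shows the checks a WordPress developer should make before serving a post to an anonymous `admin-ajax.php` caller. It assumes WordPress 5.7 or later for `is_post_publicly_viewable()`.

```php
<?php
// Added example, not the plugin's own code. Hypothetical action and parameter names.

// Anti-pattern: registered for unauthenticated callers (wp_ajax_nopriv_*) and
// returns whatever post the client names, with no status, capability or
// password check. Private and password-protected posts leak to anyone who
// supplies their ID.
function demo_grid_get_post_unchecked() {
    $post = get_post( absint( $_POST['post_id'] ?? 0 ) );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success(
        array(
            'title'   => $post->post_title,
            'content' => $post->post_content,
        )
    );
}

// Hardened handler: serve a post to an anonymous caller only if WordPress
// itself would show it on the front end, require read_post capability for
// anything else, and never bypass the password gate on protected posts.
function demo_grid_get_post_checked() {
    $post_id = absint( $_POST['post_id'] ?? 0 );
    $post    = get_post( $post_id );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }

    // Public status and public post type (WP >= 5.7). Logged-in users may
    // additionally read private posts when their role grants read_post.
    if ( ! is_post_publicly_viewable( $post ) && ! current_user_can( 'read_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Password-protected posts are 'publish' status with post_password set;
    // post_password_required() validates the visitor's password cookie.
    if ( post_password_required( $post ) ) {
        wp_send_json_error( 'password required', 403 );
    }

    wp_send_json_success(
        array(
            'title'   => $post->post_title,
            // Apply the same filters the theme would, so shortcodes and
            // embeds behave exactly as they do on the normal front end.
            'content' => apply_filters( 'the_content', $post->post_content ),
        )
    );
}

// Both authenticated and unauthenticated requests reach the hardened handler;
// the access decision is made inside it, not by which hook fired.
add_action( 'wp_ajax_demo_grid_get_post', 'demo_grid_get_post_checked' );
add_action( 'wp_ajax_nopriv_demo_grid_get_post', 'demo_grid_get_post_checked' );
```

The key design point is that the `wp_ajax_nopriv_*` hook is a legitimate way to expose front-end functionality, but it hands the handler full responsibility for authorization; `get_post()` returns private and password-protected posts just as readily as published ones, so every front-end read path has to apply the same status, capability and password checks that the theme's normal rendering applies. On the detection side, private or protected post content appearing in `admin-ajax.php` responses to unauthenticated sessions is the observable symptom of this class of bug.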
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0. No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 3
News mentions: 0. No linked articles in our index yet.