CVE-2024-7418
📋 TL;DR
This vulnerability in The Post Grid WordPress plugin allows authenticated users with contributor-level access or higher to view draft, scheduled, and other non-public posts. It affects all plugin versions up to 7.7.11. The exposure occurs through specific functions that don't properly check post visibility permissions.
💻 Affected Systems
- The Post Grid - Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
📦 What is this software?
The Post Grid by Radiustheme
⚠️ Risk & Real-World Impact
Worst Case
Sensitive unpublished content (drafts, future posts, private posts) could be exposed to malicious insiders or compromised accounts, potentially revealing confidential information, strategic plans, or embargoed content.
Likely Case
Contributor-level users could view unpublished posts they shouldn't have access to, potentially learning about upcoming content, internal communications, or confidential drafts.
If Mitigated
With proper access controls and monitoring, the impact is limited to authorized users who already have some level of access to the WordPress admin interface.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor-level credentials. The vulnerability is in specific API functions that can be called directly.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.7.12 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'The Post Grid' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 7.7.12+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Restrict Contributor Access
Temporarily remove contributor-level access or limit the number of contributor accounts until patching.
WordPress admin: Users → All Users → Edit user roles
Disable Vulnerable Plugin
Temporarily deactivate The Post Grid plugin if it is not critically needed.
WordPress admin: Plugins → Installed Plugins → Deactivate 'The Post Grid'
🧯 If You Can't Patch
- Implement strict access controls and monitor contributor account activity
- Use web application firewall rules to block suspicious requests to the vulnerable endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin: Plugins → Installed Plugins → The Post Grid version. If version is 7.7.11 or lower, you are vulnerable.
Check Version:
WordPress CLI: wp plugin get the-post-grid --field=version
Verify Fix Applied:
After updating, verify The Post Grid plugin version is 7.7.12 or higher in WordPress admin plugins page.
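The version checks above can be scripted so the comparison is done numerically rather than by eye (a string compare would wrongly rank 7.7.9 above 7.7.12). The following is an added example written for this page, not code from the plugin or from the advisory's authors; it wraps the `wp plugin get the-post-grid --field=version` command quoted above and assumes WP-CLI is on PATH and that `site_path` points at the WordPress root.

```python
import re
import shutil
import subprocess

PLUGIN_SLUG = "the-post-grid"
FIXED_VERSION = "7.7.12"  # first fixed release per the advisory


def parse_version(version):
    """Turn '7.7.11' (or '7.7.11-beta1') into a tuple of ints for comparison.

    Only the leading dotted numeric part is used; any pre-release suffix is
    ignored, which is conservative: '7.7.12-beta' is treated as 7.7.12.
    """
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(installed_version):
    """True when the installed version is below the fixed version (7.7.12)."""
    return parse_version(installed_version) < parse_version(FIXED_VERSION)


def installed_version(site_path):
    """Ask WP-CLI for the plugin version; returns None if wp is unavailable
    or the plugin is not installed. `site_path` is an assumed parameter."""
    if shutil.which("wp") is None:
        return None
    result = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version",
         f"--path={site_path}"],
        capture_output=True, text=True,
    )
    if result.returncode != 0:
        return None
    return result.stdout.strip()


def report(site_path="/var/www/html"):  # assumed default WordPress root
    version = installed_version(site_path)
    if version is None:
        return "The Post Grid not found (or wp-cli unavailable)"
    state = "VULNERABLE (update to 7.7.12+)" if is_vulnerable(version) else "patched"
    return f"The Post Grid {version}: {state}"


if __name__ == "__main__":
    print(report())
```

Run it from the server (or via `wp --ssh`) after patching as well; a patched site should report `patched` and nothing else.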
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to post_query_guten or post_query endpoints from contributor accounts
- Multiple failed authentication attempts followed by successful contributor login
Network Indicators:
- HTTP requests to /wp-json/ or admin-ajax.php with post_query parameters from unexpected sources
SIEM Query:
source="wordpress" AND (uri_path="*post_query*" OR uri_path="*admin-ajax.php*") AND user_role="contributor"
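The SIEM query above expresses the two log indicators as a single filter. The following is an added example written for this page, not code from the plugin or the advisory, showing the same logic applied offline to a few constructed JSON-lines activity-log events. Field names (`uri_path`, `user_role`, `query`, `event`) mirror the query above and are assumed to come from a WordPress activity-logging plugin; the REST route and `action` values containing `post_query` are placeholders modelled on the endpoint names cited above, not the plugin's real routes. It narrows the `admin-ajax.php` clause to requests whose query string names `post_query`, so ordinary heartbeat traffic does not trigger it, and adds the failed-then-successful-login sequence from the log indicators.

```python
import json
from collections import defaultdict

# Constructed sample events (not real log data). Login events carry an
# "event" field; request events carry "uri_path" and, for admin-ajax, "query".
SAMPLE_EVENTS = """\
{"ts":"2024-08-05T09:59:01Z","source":"wordpress","user":"contrib1","event":"login_failed"}
{"ts":"2024-08-05T09:59:03Z","source":"wordpress","user":"contrib1","event":"login_failed"}
{"ts":"2024-08-05T09:59:05Z","source":"wordpress","user":"contrib1","event":"login_failed"}
{"ts":"2024-08-05T09:59:08Z","source":"wordpress","user":"contrib1","user_role":"contributor","event":"login_success"}
{"ts":"2024-08-05T10:00:01Z","source":"wordpress","user":"editor1","user_role":"editor","uri_path":"/wp-admin/edit.php"}
{"ts":"2024-08-05T10:00:05Z","source":"wordpress","user":"contrib1","user_role":"contributor","uri_path":"/wp-json/PLACEHOLDER-route/post_query_guten"}
{"ts":"2024-08-05T10:00:06Z","source":"wordpress","user":"contrib1","user_role":"contributor","uri_path":"/wp-admin/admin-ajax.php","query":"action=post_query"}
{"ts":"2024-08-05T10:00:07Z","source":"wordpress","user":"contrib1","user_role":"contributor","uri_path":"/wp-admin/admin-ajax.php","query":"action=post_query"}
{"ts":"2024-08-05T10:00:09Z","source":"wordpress","user":"contrib2","user_role":"contributor","uri_path":"/wp-admin/post-new.php"}
{"ts":"2024-08-05T10:00:11Z","source":"wordpress","user":"admin","user_role":"administrator","uri_path":"/wp-admin/admin-ajax.php","query":"action=heartbeat"}
"""


def parse_events(text):
    """Parse JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def touches_post_query(event):
    """True when a request targets the post_query / post_query_guten
    functionality, either via a REST path or an admin-ajax.php action."""
    path = event.get("uri_path", "")
    query = event.get("query", "")
    if "post_query" in path:
        return True
    return path.endswith("admin-ajax.php") and "post_query" in query


def contributor_post_query_counts(events):
    """Count post_query-related requests per contributor account
    (the first log indicator above)."""
    counts = defaultdict(int)
    for event in events:
        if event.get("user_role") == "contributor" and touches_post_query(event):
            counts[event["user"]] += 1
    return dict(counts)


def failed_then_success(events, min_failures=3):
    """Return users whose successful contributor login was preceded by at
    least `min_failures` consecutive failed logins (the second indicator)."""
    failures = defaultdict(int)
    flagged = []
    for event in events:  # events are assumed to be in chronological order
        kind = event.get("event")
        if kind == "login_failed":
            failures[event["user"]] += 1
        elif kind == "login_success":
            user = event["user"]
            if failures[user] >= min_failures and event.get("user_role") == "contributor":
                flagged.append(user)
            failures[user] = 0
    return flagged


def run(text=SAMPLE_EVENTS, threshold=2):
    """Apply both detections and return the findings as a dict."""
    events = parse_events(text)
    counts = contributor_post_query_counts(events)
    return {
        "post_query_by_contributor": counts,
        "high_volume": sorted(u for u, c in counts.items() if c >= threshold),
        "bruteforce_then_login": failed_then_success(events),
    }


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

Tune `threshold` to your site's baseline: a contributor editing in the block editor may legitimately trigger a handful of such requests, so the useful signal is volume from a single account, or any such traffic from an account that has just survived a burst of failed logins.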
🔗 References
- https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php
- https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve