WordPress Plugin Vulnerabilities

Essential Grid < 3.0.19 - Missing Authorization

Description

The Essential Grid plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in versions up to, and including, 3.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to access those functions intended for higher privileged users. The exact consequences are not known.

Affects Plugins

Plugin icon
essential-grid
Fixed in 3.0.19

References

CVE
CVE-2023-47771
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/326618eb-186b-44a2-a779-00d5366bfff2

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.3 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
0a88f201-cf6c-42bd-85fb-5eec50cb9ff1

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-09-29
Title
Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure
Published
2025-09-09
Title
Maspik < 2.5.7 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export
Published
2025-10-28
Title
Elastic Email Sender < 1.2.21 - Missing Authorization
Published
2025-06-05
Title
Slack Notifications by dorzki <= 2.0.7 - Missing Authorization
Published
2024-11-12
Title
Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export