What the vulnerability does
01Description
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
Explanation of Vulnerability in Simple Terms
The Grid theme for WordPress contains a missing authorization flaw that allows unauthenticated attackers to read sensitive information. The vulnerability affects versions 2.8.0 and earlier. No user interaction is required to exploit this issue. Site administrators should update to a version newer than 2.8.0 when available.
What an attacker can do
Read sensitive information without logging in or having any special permissions.
Potential impact on your site
Unauthorized visitors can access confidential data exposed by the theme.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources