CVE-2023-40211
published 2023-11-30

CVE-2023-40211: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid…

Priority: P2 · 76 · high
CVSS 3.1: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 2.04% (78.7th percentile)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| pickplugins | post_grid_combo | < 2.2.51 | 2.2.51 |
| pickplugins | post_grid_combo_36+_gutenberg_blocks | n/a – 2.2.50 | |

Detection & IOCs (extracted from sources)

url: /wp-json/wp/v2/users
url: /?rest_route=/wp/v2/users
url: /wp-json/post-grid/v2/get_user_meta
path: /wp-content/plugins/post-grid-combo/
command:
    POST /wp-json/post-grid/v2/get_user_meta HTTP/1.1
    Content-Type: application/json

    {"id":{{user_id}},"meta_key":"email"}
  • Enumerate WordPress users via unauthenticated REST API endpoint, then call the vulnerable post-grid meta endpoint to extract sensitive user data (e.g., email).
  • Detect exploitation attempts by monitoring for POST requests to /wp-json/post-grid/v2/get_user_meta with a JSON body containing 'meta_key' field.
  • A successful exploitation response will contain the JSON key '{"email":' in the response body with HTTP 200 and Content-Type application/json.
  • Identify vulnerable WordPress installations by searching for the plugin path /wp-content/plugins/post-grid-combo/ in page bodies (FOFA/PublicWWW fingerprint).
  • The attack chain starts with unauthenticated user enumeration: check for HTTP 200 responses to /wp-json/wp/v2/users or /?rest_route=/wp/v2/users containing JSON fields '[{"id' and 'name:'.
  • The vulnerability affects Post Grid Combo plugin versions up to and including 2.2.50 only; versions beyond 2.2.50 are patched.
  • The exploit requires two sequential HTTP requests: first to enumerate a valid user ID via the WP REST API users endpoint, then to call the post-grid meta endpoint with that ID.
  • The user enumeration step uses a clusterbomb attack against two alternative REST route formats; detection should cover both variants.
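
The detection notes above, turned into a log-correlation check as an added example (not code from this page or from the plugin vendor): it flags POSTs to the post-grid meta endpoint and raises severity when the same client first got HTTP 200 from either user-enumeration route. The combined log format, the 10-minute window, the severity labels and the sample lines are assumptions made for the example; access logs carry no request body, so the 'meta_key' check has to be done at a WAF or proxy.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2023:10:00:01 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [01/Dec/2023:10:00:03 +0000] "POST /wp-json/post-grid/v2/get_user_meta HTTP/1.1" 200 48 "-" "curl/8.0"
198.51.100.9 - - [01/Dec/2023:10:05:00 +0000] "GET /?rest_route=%2Fwp%2Fv2%2Fusers HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Dec/2023:10:05:02 +0000] "POST /wp-json/post-grid/v2/get_user_meta HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Dec/2023:11:00:00 +0000] "POST /wp-json/post-grid/v2/get_user_meta HTTP/1.1" 200 48 "-" "python-requests"
192.0.2.50 - - [01/Dec/2023:11:30:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Both user-enumeration route formats named on this page.
ENUM = re.compile(r'^/(?:wp-json/wp/v2/users|\?rest_route=/wp/v2/users)(?:[/?&]|$)')
META = re.compile(r'^/wp-json/post-grid/v2/get_user_meta(?:[/?]|$)')
WINDOW = timedelta(minutes=10)  # assumed correlation window


def detect(log_text):
    """Return (client_ip, severity, chained, status) for each meta-endpoint POST."""
    last_enum = {}  # client IP -> time of last successful enumeration request
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, raw_path, status = m.groups()
        path = unquote(raw_path)  # normalise %2F-encoded rest_route values
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "GET" and status == "200" and ENUM.match(path):
            last_enum[ip] = when
        elif method == "POST" and META.match(path):
            chained = ip in last_enum and when - last_enum[ip] <= WINDOW
            if status == "200":
                severity = "high" if chained else "medium"
            else:
                severity = "low"  # endpoint probed, but no data returned
            alerts.append((ip, severity, chained, status))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A "low" result on a 404 usually means the plugin is absent or the route is blocked; "high" results warrant checking the installed plugin version against 2.2.51.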

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck | 7.5 | HIGH