CVE-2023-7072

CWE-2023 documents3 sources
Severity: 7.5 HIGH
EPSS: 1.0% (top 22.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 12 | Latest update Mar 13

Description

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data, including full draft posts and password-protected posts, as well as the password for password-protected posts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | pickplugins/post_grid | 2.2.68

Vulnerability Details (2)

GHSA | 2024-03-13 | GHSA-wwwj-3jgf-xr9q: The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,
CVEList | 2024-03-12 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint
CVE-2023-7072 (HIGH CVSS 7.5) | The Post Grid Combo – 36+ Gutenberg | cvebase.io