Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-0881

Severity: 5.4 MEDIUM
EPSS: 13.1% (top 5.90%)
CISA KEV: Not in KEV
Exploit: PoC available
Published: Apr 11

Description

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization. As a result, password-protected posts are displayed in the results of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (1 package)

NVD: pickplugins/post_grid < 2.2.76

Vulnerability Details (2)

GHSA: GHSA-73jw-m44p-r46h: The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2 (2024-04-11)
CVEList: Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access (2024-04-11)

Exploits & PoCs (1)

Nuclei: Combo Blocks < 2.2.76 - Improper Access Control
CVE-2024-0881 (MEDIUM CVSS 5.4) | The Post Grid | cvebase.io