Vulnerabilities related to Unknown - Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel
CVE-2024-0881 (GCVE-0-2024-0881)
Vulnerability from cvelistv5
Published
2024-04-11 15:36
Modified
2024-10-31 15:07
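Severity: 5.4 MEDIUM (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, assigned by CISA-ADP; the CNA container in the record below carries no CVSS score). PR:L and I:L in this vector do not line up with the summary, which describes unauthenticated read access, so check the vector against the description before using the score for triage.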
Summary
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, so password-protected posts are displayed in the results of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts.
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel | Affected: 0 ≤ version < 2.2.76 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*" ], "defaultStatus": "unknown", "product": "post_grid", "vendor": "pickplugins", "versions": [ { "lessThan": "2.2.76", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-0881", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-31T15:04:13.515807Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-31T15:07:40.694Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:18.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel", "vendor": "Unknown", "versions": [ { "lessThan": "2.2.76", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c (CERT PL)" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The Post Grid, Form Maker, Popup 
Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-863 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-30T12:42:29.783Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Combo Blocks \u003c 2.2.76 - Unauthenticated Password Protected Posts Access", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2024-0881", "datePublished": "2024-04-11T15:36:31.247Z", "dateReserved": "2024-01-25T13:00:04.765Z", "dateUpdated": "2024-10-31T15:07:40.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }