5 matches found
CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
WordPress Post Grid and Gutenberg Blocks Plugin < 2.2.76 is vulnerable to Broken Access Control
Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions 2.2.76 Fixed in 2.2.76 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0881 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8983e099562f Credits Krzysztof Zając...
CVE-2024-0881
The CVE-2024-0881 entry concerns the WordPress Combo Blocks ecosystem (Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel) prior to version 2.2.76. Root cause: improper access control allows unauthenticated AJAX actions to reveal password-protected posts, enabling ...
CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...
CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...