Lucene search

WpvulndbWPVDB-ID:9BDCB3DC-07AA-4CA5-AACB-1EE5C2B8256F

HistoryApr 11, 2024 - 12:00 a.m.

PostX – Gutenberg Blocks for Post Grid < 3.2.4 - Incorrect Authorization

2024-04-1100:00:00

wpscan.com

postx

gutenberg blocks

wordpress

unauthorized access

rest api

version 3.2.3

capability check

authenticated attackers

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The PostX – Gutenberg Blocks for Post Grid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with author-level access and above, to perform several unauthorized actions.

References

www.wordfence.com/threat-intel/vulnerabilities/id/c2fd1bd8-dcc2-4c9a-be3f-b0a58992a239

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:9BDCB3DC-07AA-4CA5-AACB-1EE5C2B8256F