Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel by Unknown

    CVE-2024-0881 (GCVE-0-2024-0881)

    Vulnerability from nvd – Published: 2024-04-11 15:36 – Updated: 2024-10-31 15:07
    VLAI
    Title
    Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
    Summary
    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/e460e926-6e9b-4e… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel Affected: 0 , < 2.2.76 (semver)
    Create a notification for this product.
    pickplugins post_grid Affected: 0 , < 2.2.76 (custom)
        cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Krzysztof Zając (CERT PL) WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "post_grid",
                "vendor": "pickplugins",
                "versions": [
                  {
                    "lessThan": "2.2.76",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0881",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T15:04:13.515807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T15:07:40.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:18:18.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.2.76",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c (CERT PL)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel  WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-863 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-30T12:42:29.783Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Combo Blocks \u003c 2.2.76 - Unauthenticated Password Protected Posts Access",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-0881",
        "datePublished": "2024-04-11T15:36:31.247Z",
        "dateReserved": "2024-01-25T13:00:04.765Z",
        "dateUpdated": "2024-10-31T15:07:40.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0881 (GCVE-0-2024-0881)

    Vulnerability from cvelistv5 – Published: 2024-04-11 15:36 – Updated: 2024-10-31 15:07
    VLAI
    Title
    Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
    Summary
    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/e460e926-6e9b-4e… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel Affected: 0 , < 2.2.76 (semver)
    Create a notification for this product.
    pickplugins post_grid Affected: 0 , < 2.2.76 (custom)
        cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Krzysztof Zając (CERT PL) WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "post_grid",
                "vendor": "pickplugins",
                "versions": [
                  {
                    "lessThan": "2.2.76",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0881",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T15:04:13.515807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T15:07:40.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:18:18.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.2.76",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c (CERT PL)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel  WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-863 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-30T12:42:29.783Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Combo Blocks \u003c 2.2.76 - Unauthenticated Password Protected Posts Access",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-0881",
        "datePublished": "2024-04-11T15:36:31.247Z",
        "dateReserved": "2024-01-25T13:00:04.765Z",
        "dateUpdated": "2024-10-31T15:07:40.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }