CVE-2024-0881

Summary

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

Affected Software

VendorProductVersion RangeStatus
UnknownPost Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel0 < 2.2.76affected

Weaknesses

  • CWE-863 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References