CVE-2021-24652

Опубликовано: 27 сент. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.

Ссылки

https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c
Third Party Advisory
https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpxpo:postx_-_gutenberg_blocks_for_post_grid:*:*:*:*:*:wordpress:*:*

Версия до 2.4.10 (исключая)

EPSS

Процентиль: 40%

0.00183

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-9758-6rv3-3xpp

github

больше 3 лет назад

The PostX â€“ Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.