CVE-2024-0881

Опубликовано: 11 апр. 2024

Источник: nvd

CVSS3: 5.4

EPSS Средний

Описание

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

Ссылки

https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*

Версия до 2.2.76 (исключая)

EPSS

Процентиль: 94%

0.13073

Средний

5.4 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-73jw-m44p-r46h