CVE-2021-24652

Published: Sep 27, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.

Affected (1)

Products: Wpxpo: Postx Gutenberg Blocks For Post Grid

Wpxpo

1 product

Postx Gutenberg Blocks For Post Grid

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpxpo Postx Gutenberg Blocks For Post Grid	Before 2.4.10

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c

Source: contact@wpscan.com

Third Party Advisory

https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.