CVE-2024-0881

Published: Apr 11, 2024Modified: May 9, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

Affected (1)

Products: Pickplugins: Post Grid

Pickplugins

1 product

Post Grid

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pickplugins Post Grid	Before 2.2.76

References (2)

https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.