CVE-2024-9636

Sažetak

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.

Reference

https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.93/includes/blocks/form-wrap/functions.php#L3200
https://plugins.trac.wordpress.org/changeset/3117675/post-grid/trunk/includes/blocks/form-wrap/functions.php
https://plugins.trac.wordpress.org/changeset/3221012/post-grid/trunk/includes/blocks/form-wrap/functions.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/1bbe01b8-24ed-4e1e-bafc-0f4dea96c1f3?source=cve

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

15-01-2025 - 10:15

Objavljeno

15-01-2025 - 10:15