CVE-2024-0881

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*
History

09 May 2025, 15:57

Type Values Removed Values Added
CPE cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*
CWE NVD-CWE-noinfo
References () https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/ - () https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/ - Exploit, Third Party Advisory
First Time Pickplugins
Pickplugins post Grid

21 Nov 2024, 08:47

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/ - () https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/ -

31 Oct 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4

30 Aug 2024, 13:15

Type Values Removed Values Added
Summary (en) The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts (en) The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

12 Apr 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) El complemento Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel de WordPress anterior a 2.2.76 no impide que se muestren publicaciones protegidas con contraseña como resultado de algunas acciones AJAX no autenticadas, lo que permite a usuarios no autenticados leer dichas publicaciones.

11 Apr 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-11 16:15

Updated : 2025-05-09 15:57

NVD link : CVE-2024-0881

Mitre link : CVE-2024-0881

CVE.ORG link : CVE-2024-0881

JSON object : View

Products Affected

pickplugins

  • post_grid
CWE
NVD-CWE-noinfo