7.5
CVE-2023-7072
- EPSS 1.01%
- Veröffentlicht 12.03.2024 23:15:46
- Zuletzt bearbeitet 22.01.2025 17:40:31
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPost Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.
Mögliche Gegenmaßnahme
Post Grid: Update to version 2.2.69, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Post Grid
Version
*-2.2.68
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pickplugins ≫ Post Grid Combo SwPlatformwordpress Version < 2.2.69
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.01% | 0.764 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|