7.5
CVE-2023-7072
- EPSS 0.62%
- Veröffentlicht 12.03.2024 23:15:46
- Zuletzt bearbeitet 08.04.2026 19:19:06
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPost Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint
Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.
Mögliche Gegenmaßnahme
Post Grid: Update to version 2.2.69, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pickplugins ≫ Post Grid Combo SwPlatformwordpress Version < 2.2.69
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Post Grid
Version
*-2.2.68
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.449 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-202 Exposure of Sensitive Information Through Data Queries
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670
https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.69/includes/blocks/functions-rest.php#L1670
https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7