CVE-2024-8253 (CVSS base score 8.8)
- EPSS 1.58%
- Published 2024-09-11 04:15:05
- Last modified 2024-09-25 19:42:31
- Source security@wordfence.com
Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.
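The advisory names two missing controls: the plugin did not restrict which user meta keys a request could update, and it did not verify that the submitting form was active. The handler below is an added, hypothetical illustration of how a WordPress plugin can enforce both; it is not the Post Grid plugin's code or its actual fix. Everything prefixed `pg_example_` (the AJAX action, the allowlist constant, the `pg_example_form` post type and the `pg_example_form_is_active()` helper) is an assumption made for this example; the WordPress functions it calls (`check_ajax_referer`, `sanitize_key`, `update_user_meta`, `wp_send_json_error`, `get_post`) are real core APIs.

```php
<?php
/**
 * Added illustrative example, not the Post Grid plugin's own code.
 * An admin-ajax handler that lets a logged-in user change a few fields of
 * their own profile, with the two checks the advisory says were missing:
 * the meta key must come from a fixed allowlist, and the form must be active.
 */

// Hypothetical allowlist of the only keys a subscriber may change about
// themselves. Role- and capability-bearing keys are not in it, so a request
// can never use this endpoint to alter its own role.
const PG_EXAMPLE_ALLOWED_USER_META = [
    'pg_example_display_bio',
    'pg_example_newsletter_opt_in',
];

// Only the authenticated hook is registered; there is no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_pg_example_update_user_meta', 'pg_example_update_user_meta' );

function pg_example_update_user_meta() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    // CSRF protection: nonce bound to this action and this user.
    check_ajax_referer( 'pg_example_update_user_meta', 'nonce' );

    // "Form is active": the form referenced by the request must exist and be published.
    $form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;
    if ( ! pg_example_form_is_active( $form_id ) ) {
        wp_send_json_error( 'form not active', 403 );
    }

    // Allowlist check with strict comparison: any key not explicitly permitted is rejected.
    $key = isset( $_POST['meta_key'] ) ? sanitize_key( wp_unslash( $_POST['meta_key'] ) ) : '';
    if ( ! in_array( $key, PG_EXAMPLE_ALLOWED_USER_META, true ) ) {
        wp_send_json_error( 'meta key not permitted', 403 );
    }

    $value = isset( $_POST['meta_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['meta_value'] ) )
        : '';

    // Always the current user's own record; the target user ID is never read from the request.
    update_user_meta( get_current_user_id(), $key, $value );

    wp_send_json_success();
}

// Hypothetical helper: a form is active when it is a published post of the
// plugin's (assumed) form post type.
function pg_example_form_is_active( int $form_id ): bool {
    $form = get_post( $form_id );
    return $form instanceof WP_Post
        && 'pg_example_form' === $form->post_type
        && 'publish' === $form->post_status;
}
```

The design choice worth noting is the allowlist rather than a denylist: a denylist has to enumerate every sensitive key (and keep up with new ones), whereas an allowlist makes the set of writable keys explicit and makes any role- or capability-bearing key unreachable by construction. Taking the user ID from `get_current_user_id()` instead of the request is the same idea applied to the target of the write.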
Possible mitigation
Post Grid: Update to version 2.2.91, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: Post Grid
Version: 2.2.87-2.2.90
Data provided by the National Vulnerability Database (NVD)
Vendor Pickplugins, product Post Grid, software platform wordpress, version >= 2.2.87 < 2.2.91
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.58% | 0.81 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.