CVE-2024-8253

The Post Grid and Gutenberg Blocks plugin for WordPress is

Publication date: 2024-09-11

Last updated on: 2024-09-25

Description

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.

CVSS Scores

Affected Vendors & Products

Vendor	Product	Version
pickplugins	post_grid	*

Helpful Resources

Third Party Advisory
Product
Patch
Patch

Exploitability

CWE ID	Description
NVD-CWE-noinfo

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

Meta Information

Date published:

2024-09-11

Date last modified:

2024-09-25

Date generated:

2025-01-15

NVD report:

CVE-2024-8253