PostX Gutenberg Blocks for Post Grid < 2.4.10 – Missing Access Controls | CVE 2021-24652

Description

The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.

Proof of Concept

You can run this from a browser's javascript console:  jQuery.post(ajaxurl,{action:"ultp_addon",addon:"ultp_templates",value:"false",wpnonce:"a"})

Affects Plugins

ultimate-post

Fixed in 2.4.10

References

CVE

CVE-2021-24652

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

5375bd3e-a30d-4f24-9b17-470b28a8231c

Timeline

Publicly Published

2021-08-17 (about 2 years ago)

Added

2021-08-26 (about 2 years ago)

Last Updated

2023-01-27 (about 1 years ago)

Other

Published

Title

Published

2023-08-14

Title

Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access

Published

2024-04-17

Title

Backup Migration < 1.4.4 - Information Exposure via Log Files

Published

2024-01-16

Title

User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

Published

2021-09-22

Title

Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection

Published

2023-06-02

Title

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.5 - Missing authentication