Post Grid and Gutenberg Blocks 2.2.87 – 2.2.90 – Subscriber+ Privilege Escalation | CVE 2024-8253 | Plugin Vulnerabilities

Description

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.

Affects Plugins

Fixed in 2.2.91

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f18cae-b7f8-4afd-adfa-c616c63f9419

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

b1ad7d07-240f-4be2-9962-d24e23c9ab6c

Timeline

Publicly Published

2024-09-10 (about 1 year ago)

Added

2024-09-10 (about 1 year ago)

Last Updated

2024-09-10 (about 1 year ago)

Other

Published

Title

Published

2023-06-19

Title

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

Published

2025-06-09

Title

MapSVG < 8.6.13 - Contributor+ Privilege Esclation

Published

2024-10-25

Title

Exam Matrix <= 1.5 - Unauthenticated Privilege Escalation

Published

2026-01-20

Title

Directorist Social Login <= 2.1.1 - Unauthenticated Privilege Escalation

Published

2026-04-27

Title

LatePoint < 5.4.2 - Agent+ Privilege Escalation