Combo Blocks < 2.2.76 – Unauthenticated Password Protected Posts Access | CVE 2024-0881 | Plugin Vulnerabilities

Description

The plugin does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

Proof of Concept

Open one of the below URL as an unauthenticated user and note that password protected posts are disclosed in it (when the blog has such posts)

https://example.com/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free
https://example.com/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free

Affects Plugins

Fixed in 2.2.76

References

CVE

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

Miscellaneous

Original Researcher

Krzysztof Zając (CERT PL)

Submitter

Krzysztof Zając (CERT PL)

Submitter website

https://cert.pl

Submitter twitter

Verified

Yes

WPVDB ID

e460e926-6e9b-4e9f-b908-ba5c9c7fb290

Timeline

Publicly Published

2024-03-19 (about 1 months ago)

Added

2024-03-19 (about 1 months ago)

Last Updated

2024-04-11 (about 1 months ago)

Other

Published

Title

Published

2024-03-19

Title

Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

Published

2021-08-17

Title

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

Published

2021-08-06

Title

Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure

Published

2021-10-19

Title

Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation

Published

2024-02-19

Title

Coming Soon Maintenance Mode < 1.0.6 - Information Exposure