Vulnerability Description
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pickplugins | Post Grid | >= 2.2.87, < 2.2.91 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/form-Product
- https://plugins.trac.wordpress.org/changeset/3130155/post-grid/tags/2.2.87/incluPatch
- https://plugins.trac.wordpress.org/changeset/3146752/post-grid/tags/2.2.91/incluPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f18cae-b7f8-4afd-adfThird Party Advisory
FAQ
What is CVE-2024-8253?
CVE-2024-8253 is a vulnerability with a CVSS score of 8.8 (HIGH). The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values...
How severe is CVE-2024-8253?
CVE-2024-8253 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8253?
Check the references section above for vendor advisories and patch information. Affected products include: Pickplugins Post Grid.