Access violation vulnerability in Post Grid and Gutenberg Blocks 2.2.90

The Post Grid and Gutenberg Blocks plugin for WordPress has a security flaw that lets users gain higher privileges than they are authorized to hold. It affects all versions from 2.2.87 to 2.2.90. The plugin does not properly limit which information can be changed and does not verify whether the form is active. As a result, attackers who are logged in with at least subscriber-level access can change their user settings and become an administrator.

Detected in:

Post Grid fixed vulnerable versions: >= 2.2.87 <= 2.2.90
Post Grid and Gutenberg Blocks fixed vulnerable versions:
Post Grid By PickPlugins fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

">" means from 2.2.8
"=" means including 2.2.8 and 2.2.21
"<" means to 2.2.21
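The range notation described above can be checked against an installed plugin version as follows. This is an added example, not code from the plugin or from the vulnerability database; the function names and the site inventory are hypothetical, and versions are assumed to be purely numeric dotted strings.

```python
import operator
import re

# One clause of the page's notation: an operator followed by a dotted version.
_CLAUSE = re.compile(r"(>=|<=|>|<|=)\s*([0-9]+(?:\.[0-9]+)*)")
_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
        "<": operator.lt, "=": operator.eq}

def parse_version(text):
    """Turn '2.2.90' into (2, 2, 90) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)

def parse_range(expr):
    """Parse '>= 2.2.87 <= 2.2.90' into [('>=', (2, 2, 87)), ('<=', (2, 2, 90))]."""
    clauses = _CLAUSE.findall(expr)
    leftover = _CLAUSE.sub("", expr).strip()
    if not clauses or leftover:
        # An empty or partly unparsed range must not silently mean "safe".
        raise ValueError(f"cannot parse version range: {expr!r}")
    return [(op, parse_version(ver)) for op, ver in clauses]

def is_vulnerable(installed, expr):
    """True when the installed version satisfies every clause of the range."""
    have = parse_version(installed)
    for op, bound in parse_range(expr):
        width = max(len(have), len(bound))
        a = have + (0,) * (width - len(have))    # treat 2.2 as 2.2.0
        b = bound + (0,) * (width - len(bound))
        if not _OPS[op](a, b):
            return False
    return True

def audit(inventory, expr):
    """Return the sites whose installed version falls inside the range."""
    return sorted(site for site, ver in inventory.items()
                  if is_vulnerable(ver, expr))

# Constructed inventory (hypothetical sites) checked against the range on this page.
SAMPLE_INVENTORY = {"site-a": "2.2.86", "site-b": "2.2.87",
                    "site-c": "2.2.9", "site-d": "2.2.90", "site-e": "2.2.91"}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY, ">= 2.2.87 <= 2.2.90"))
```

Version 2.2.9 is outside the range even though a plain string comparison would place it between "2.2.87" and "2.2.90", which is why the components are compared as integers.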
