CVE-2021-24652

MEDIUM

PostX - Gutenberg Blocks for Post Grid < 2.4.10 - Authenticated Incorrect Authorization via AJAX Requests

Description

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect authorization checks on some AJAX-based requests, so any logged-in user can send them and modify, delete or add ultp_options values.

Scores

CVSS v3 6.5
EPSS 0.0069
EPSS Percentile 48.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-863
Status published
Products (1)
wpxpo/postx_-_gutenberg_blocks_for_post_grid < 2.4.10
Published Sep 27, 2021
Tracked Since Feb 18, 2026