CVE-2024-0881

MEDIUM NUCLEI

WordPress Plugin <2.2.76 - Info Disclosure

Title source: llm

Description

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

Exploits (1)

github WORKING POC 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2024/CVE-2024-0881.md

View Code ZIP pw:eip

Nuclei Templates (1)

Combo Blocks < 2.2.76 - Improper Access Control

MEDIUMVERIFIEDby s4e-io

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/

Scores

CVSS v3 5.4

EPSS 0.1307

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

Status published

Products (1)

pickplugins/post_grid < 2.2.76

Published Apr 11, 2024

Tracked Since Feb 18, 2026