CVE-2024-10728

HIGH

Wpxpo Postx < 4.1.17 - Missing Authorization

Title source: rule

Description

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

Exploits (1)

nomisec WORKING POC

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2024-10728

View Code ZIP pw:eip

References (5)

[Product] https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Importer.php#L94

[Product] https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Initialization.php#L330

[Patch] https://plugins.trac.wordpress.org/changeset/3188636/ultimate-post/trunk/classes/Importer.php

[Product] https://wordpress.org/plugins/ultimate-post/

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/076f36fb-c2fb-43e0-a027-1351d3995489?source=cve

Scores

CVSS v3 8.8

EPSS 0.7607

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-862

Status published

Affected Products (1)

wpxpo/postx < 4.1.17

Timeline

Published Nov 16, 2024

Tracked Since Feb 18, 2026