HIGH🇬🇧 English

CVE-2023-7072

CVSS 7.5v3.1pub. 2024-03-12upd. 2026-04-08

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Pickplugins Post Grid Combo

    APP
    Pickplugins
    < 2.2.69
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-40211HIGH7.5ten sam produkt

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ ...

CVE-2023-6645MEDIUM6.4ten sam produkt

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting v...

CVE-2022-4693CRITICAL9.8ten sam vendor

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To...

CVE-2024-13408HIGH7.5ten sam vendor

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for Word...

CVE-2021-4450HIGH8.8ten sam vendor

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, a...

CVE-2023-7072 — HIGH 7.5 | CVEbaza.pl