{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-0881","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-01-25T13:00:04.765Z","datePublished":"2024-04-11T15:36:31.247Z","dateUpdated":"2024-10-31T15:07:40.694Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-08-30T12:42:29.783Z"},"title":"Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access","problemTypes":[{"descriptions":[{"description":"CWE-863 Improper Access Control","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"2.2.76"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel  WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts"}],"references":[{"url":"https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Krzysztof Zając (CERT PL)","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"affected":[{"vendor":"pickplugins","product":"post_grid","cpes":["cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"2.2.76","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.4,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-10-31T15:04:13.515807Z","id":"CVE-2024-0881","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-31T15:07:40.694Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:18:18.980Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}