Privilege Escalation Vulnerability Affects WordPress Users
CVE-2024-8253

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Post Grid And Gutenberg Blocks
Vendor: CVE Published:; 11 September 2024

Summary

The Post Grid and Gutenberg Blocks plugin for WordPress presents a vulnerability that allows for privilege escalation due to insufficient restrictions on user meta value updates. This issue affects all versions from 2.2.87 to 2.2.90, enabling authenticated users with subscriber-level access and higher to manipulate their user meta settings to elevate their privileges to that of an administrator. The vulnerability arises from a failure to properly validate what user meta can be altered and whether the associated form is active, leading to a significant security risk for affected WordPress installations.

Affected Version(s)

Post Grid and Gutenberg Blocks 2.2.87 <= 2.2.90

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/post-grid/trun...

https://plugins.trac.wordpress.org/changeset/3130155/post...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Aug 28, 2024

Credit

wesley