CVE-2024-13798

Medium CVSS: 5.3

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.

Vendor

Pickplugins

Product

Comboblocks

CWE

CWE-20

Yayın Tarihi

2025-02-22 05:15:12

Güncelleme

2025-03-06 15:17:06

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-20 Comboblocks MEDIUM Pickplugins 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242737%40post-grid&new=3242737%40post-grid&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/705823ff-e9c3-4b8b-b71c-3b60d0d15b01?source=cve

Benzer Kayıtlar

Medium

CVE-2024-9645

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate…

Medium

CVE-2024-13469

The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link i…

Medium

CVE-2024-13796

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in…

High

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is v…