CVE-2024-9636
Published: 15 January 2025
Description
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.
Security Summary
CVE-2024-9636 is a privilege escalation vulnerability affecting the Post Grid and Gutenberg Blocks plugin for WordPress, specifically in versions 2.2.85 through 2.3.3. The issue stems from the plugin failing to properly restrict which user meta fields can be updated during profile registration, allowing attackers to manipulate their user role to administrator level upon registration.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity, requiring no privileges or user interaction, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and association with CWE-269 (Improper Privilege Management). By registering a new account on a vulnerable site, an attacker can immediately gain administrator privileges, enabling full control over the WordPress site, including content modification, user management, and potential further compromise.
Patches addressing this vulnerability are reflected in WordPress plugin trac changesets, such as 3117675 and 3221012 in the trunk/includes/blocks/form-wrap/functions.php file, and version 2.2.93 which modifies line 3200 in the same file to enforce proper restrictions. Additional details are available in the Wordfence threat intelligence advisory at the referenced URL.
Details
- CWE(s)