CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-13798

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.0%

CVSS Severity

CVSS v3 Score 5.3

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242737%40post-grid&new=3242737%40post-grid&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/705823ff-e9c3-4b8b-b71c-3b60d0d15b01?source=cve

Products affected by CVE-2024-13798

Pickplugins » Comboblocks » Version: Any

cpe:2.3:a:pickplugins:comboblocks:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13798

Products

Pricing

Contact Us