CVE-2023-7072

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 12, 2024
Updated: Mar 13, 2024

Summary

CVE-2023-7072 is a vulnerability affecting the Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress. This issue exposes sensitive information through the 'get_posts' REST API Endpoint, which is accessible to unauthenticated attackers. The vulnerability allows extraction of full draft posts, password-protected posts, and the passwords for password-protected posts. Versions up to and including 2.2.68 are affected by this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share