cve/2024/CVE-2024-0881.md

### [CVE-2024-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0881)
![](https://img.shields.io/static/v1?label=Product&message=Post%20Grid%2C%20Form%20Maker%2C%20Popup%20Maker%2C%20WooCommerce%20Blocks%2C%20Post%20Blocks%2C%20Post%20Carousel%20&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.76%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)

### Description

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel  WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

### POC

#### Reference
- https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2024-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0881)`
			`![](https://img.shields.io/static/v1?label=Product&message=Post%20Grid%2C%20Form%20Maker%2C%20Popup%20Maker%2C%20WooCommerce%20Blocks%2C%20Post%20Blocks%2C%20Post%20Carousel%20&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.76%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)`

			`### Description`

			`The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`