id: CVE-2024-0881

info:
  name: Combo Blocks < 2.2.76 - Improper Access Control
  author: s4e-io
  severity: medium
  description: |
    The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
  impact: |
    Unauthenticated attackers can access password-protected posts bypassing authentication restrictions, potentially exposing sensitive content.
  remediation: |
    Update Combo Blocks plugin to version 2.2.76 or later.
  reference:
    - https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0881
  classification:
    cve-id: CVE-2024-0881
    cwe-id: CWE-284
    epss-score: 0.13073
    epss-percentile: 0.94233
  metadata:
    verified: true
    max-request: 3
    publicwww-query: "/wp-content/plugins/user-meta/"
  tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure,vuln

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/user-meta/readme.txt"

    matchers:
      - type: word
        internal: true
        words:
          - "User Profile Builder"

  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free"
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '{"html"'
          - '"<div class='
          - '"pagination":'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402204ce7ed76ce7578c49c2c919e6e7485eb0973dbd6ab2f7a71063d3bd6745e7dff02200ad610e48c07f111078dfe28fdbdc6ee93cea9ef78ed410c20589edeb975aa0c:922c64590222798bb761d5b6d8e72950