GCVE - cpe:2.3:a:pickplugins:post_grid:-:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:pickplugins:post_grid:-:*:*:*:*:wordpress:*:*

part: a version: - update: *

Vendor	Pickplugins (`03c448d6-40a7-5ce8-8d7e-bbbe6a0aa644`)
Product	Post Grid (`e8268a5e-c246-5ba1-924e-4670bfaecd8f`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/pickplugins/post-grid`	purl2cpe	2026-06-01 10:15:03.957654

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-8253`	vulnerable	2026-06-03 14:58:17.587839	Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation HIGH (8.8) The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator. Published: 2024-09-11T03:31:07.619Z Updated: 2024-09-11T18:56:30.780Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f18cae-b7f8-4afd-adfa-c616c63f9419?source=cve https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/form-wrap/functions.php#L3032 https://plugins.trac.wordpress.org/changeset/3130155/post-grid/tags/2.2.87/includes/blocks/form-wrap/functions.php https://plugins.trac.wordpress.org/changeset/3146752/post-grid/tags/2.2.91/includes/blocks/form-wrap/functions.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.