GCVE - cpe:2.3:a:pickplugins:post_grid_and_gutenberg_blocks_–

Approved changes feed: RSS · Atom

cpe:2.3:a:pickplugins:post_grid_and_gutenberg_blocks_–_comboblocks:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pickplugins (`03c448d6-40a7-5ce8-8d7e-bbbe6a0aa644`)
Product	Post Grid And Gutenberg Blocks – Comboblocks (`7f635385-83c8-521a-a322-18fe1962d4b5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-9636`	vulnerable	2026-06-03 14:58:22.279887	Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation CRITICAL (9.8) The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator. Published: 2025-01-15T09:25:53.837Z Updated: 2025-01-15T14:40:55.552Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/1bbe01b8-24ed-4e1e-bafc-0f4dea96c1f3?source=cve https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.93/includes/blocks/form-wrap/functions.php#L3200 https://plugins.trac.wordpress.org/changeset/3117675/post-grid/trunk/includes/blocks/form-wrap/functions.php https://plugins.trac.wordpress.org/changeset/3221012/post-grid/trunk/includes/blocks/form-wrap/functions.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13798`	vulnerable	2026-06-03 14:54:25.466514	Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation MEDIUM (5.3) The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment. Published: 2025-02-22T04:21:16.200Z Updated: 2026-06-04T14:44:18.124Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/705823ff-e9c3-4b8b-b71c-3b60d0d15b01?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242737%40post-grid&new=3242737%40post-grid&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13796`	vulnerable	2026-06-03 14:54:25.461950	Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure MEDIUM (5.3) The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data. Published: 2025-02-28T04:21:55.558Z Updated: 2026-04-08T16:33:05.223Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/0407223a-cd41-43d1-87b0-d6b83b57d4b3?source=cve https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/functions-rest.php?rev=3242718#L2055 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3245187%40post-grid&new=3245187%40post-grid&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Post Grid And Gutenberg Blocks – Comboblocks

PURL mappings

Vulnerability references

Contribute