cleantalk
Vulnerabilities and Security Researches

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks, CVE-2024-9636

CVE, Research URL

CVE-2024-9636

Home page URL

Security reports for Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks

Application

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks

Published on
Jan 15, 2025
Research Description
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.
Affected versions
Min 2.2.85, max 2.3.3.
Status
vulnerable
Previous vulnerability researches
Post Grid for Elementor & Product Grid | PowerGrids (513b8cac04964f7c742c50353b32f41d519b21a5) , Jun 07, 2024
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget (CVE-2025-24782) , Jan 29, 2025
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget (CVE-2024-13408) , Jan 26, 2025
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget (CVE-2024-13409) , Jan 26, 2025
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget (CVE-2022-1266) , Jun 06, 2024
New vulnerability
GMap Generator (CVE-2025-8568) , Aug 14, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-47444) , Aug 14, 2025
Easy Form Builder (CVE-2025-54678) , Aug 14, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-54025) , Aug 14, 2025
RT Easy Builder – Advanced addons for Elementor (CVE-2025-8462) , Aug 14, 2025