CVE-2023-7072

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 12, 2024

Updated: Mar 13, 2024

Summary

CVE-2023-7072 is a vulnerability affecting the Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress. This issue exposes sensitive information through the 'get_posts' REST API Endpoint, which is accessible to unauthenticated attackers. The vulnerability allows extraction of full draft posts, password-protected posts, and the passwords for password-protected posts. Versions up to and including 2.2.68 are affected by this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t4lJxP
https://www.cve.org/CVERecord?id=CVE-2023-7072
https://nvd.nist.gov/vuln/detail/CVE-2023-7072

Back to Vulnerability Database

CVE-2023-7072

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations