{"api_version":"1","generated_at":"2026-04-23T08:39:37+00:00","cve":"CVE-2021-24652","urls":{"html":"https://cve.report/CVE-2021-24652","api":"https://cve.report/api/cve/CVE-2021-24652.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-24652","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-24652"},"summary":{"title":"CVE-2021-24652","description":"The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2021-09-27 16:15:00","updated_at":"2023-11-07 03:31:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c","name":"https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c","refsource":"MISC","tags":[],"title":"Attention Required! | Cloudflare","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-24652","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24652","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"apple502j","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"24652","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wpxpo","cpe5":"postx_-_gutenberg_blocks_for_post_grid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ID":"CVE-2021-24652","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC","TITLE":"PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls"},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","generator":"WPScan CVE Generator","affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"PostX – Gutenberg Blocks for Post Grid","version":{"version_data":[{"version_affected":"<","version_name":"2.4.10","version_value":"2.4.10"}]}}]}}]}},"description":{"description_data":[{"lang":"eng","value":"The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values."}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c","name":"https://wpscan.com/vulnerability/5375bd3e-a30d-4f24-9b17-470b28a8231c"}]},"problemtype":{"problemtype_data":[{"description":[{"value":"CWE-863 Incorrect Authorization","lang":"eng"}]}]},"credit":[{"lang":"eng","value":"apple502j"}],"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-09-27 16:15:00","lastModifiedDate":"2023-11-07 03:31:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wpxpo:postx_-_gutenberg_blocks_for_post_grid:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.4.10","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"24652","Ordinal":"199414","Title":"CVE-2021-24652","CVE":"CVE-2021-24652","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"24652","Ordinal":"1","NoteData":"The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"24652","Ordinal":"2","NoteData":"2021-09-27","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"24652","Ordinal":"3","NoteData":"2021-09-27","Type":"Other","Title":"Modified"}]}}}