- Description
- The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-20
- Hype score
- Not currently trending
CVE-2024-13798 - WordPress. References: https://t.co/5n0uLNyT9k https://t.co/KhSPInmst5 Severity: 5.3. Date published: 2025-02-22 05:15:12 UTC #CVE202413798 #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews #AI #Automation https://t.co/AUL2BmrVol
@vulns_space
22 Feb 2025
CVE-2024-13798 Unauthenticated Product Order Injection in ComboBlocks WordPress Plugin https://t.co/6NWfBqNtQp
@VulmonFeeds
22 Feb 2025
CVE-2024-13798 The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This i… https://t.co/IUA88kZYni
@CVEnew
22 Feb 2025