CVE-2024-13798

Name of the Vulnerable Software and Affected Versions The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress versions up to, and including, 2.3.5

Description The issue is due to insufficient verification on form fields, making it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.

Recommendations For versions up to, and including, 2.3.5, update to a version later than 2.3.5 to resolve the issue. As a temporary workaround, consider restricting access to the form fields that are vulnerable to unauthorized order creation until a patch is available.