PT-2024-38891 · WordPress · Post Grid/Gutenberg Blocks

Wesley · Published 2024-09-10 · Updated 2024-09-25 · CVE-2024-8253

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The Post Grid and Gutenberg Blocks plugin for WordPress, versions 2.2.87 through 2.2.90.
Description: The plugin does not restrict which user meta keys a submitted request may update, and it does not verify that the form the request refers to is active. An authenticated attacker with Subscriber-level access or higher can therefore write arbitrary values into their own user meta, including the capabilities entry that stores the user's roles, and grant themselves the Administrator role. Over 40,000 WordPress sites run the affected plugin and are exposed to this privilege escalation.
Recommendations: Sites running versions 2.2.87 through 2.2.90 should update to a release that fixes the privilege escalation as soon as the vendor publishes one; at the time of writing, no fixed version has been confirmed. Until a fixed release is installed, deactivating the plugin removes the vulnerable code path, and closing open user registration limits who can obtain the Subscriber-level access the attack requires. Administrators should also review the site's user list for accounts that unexpectedly hold the Administrator role.
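The following PHP is an added, illustrative example and is not code from the Post Grid/Gutenberg Blocks plugin. It models the bug class the advisory describes: an AJAX form handler that lets a logged-in user choose both the user meta key and value, and then the same handler hardened with a key allowlist, a nonce check and an "is the form active" check. All function and option names prefixed `pgx_` and the `pgx_form` post type are hypothetical; the WordPress API calls (`update_user_meta`, `check_ajax_referer`, `is_protected_meta`, `get_users`, and so on) are real core functions.

```php
<?php
// Illustrative example only; not the plugin's own code. Hypothetical names are
// prefixed pgx_. Drop this into a throwaway plugin on a test site to compare
// the two handlers.

// ---- Vulnerable pattern ------------------------------------------------
// The meta key comes straight from the request and nothing ties the write to
// an active form. PHP parses "meta_value[administrator]=1" into an array, and
// update_user_meta() serialises it, so a Subscriber can POST
//   action=pgx_save_profile_field&meta_key=wp_capabilities&meta_value[administrator]=1
// (the real key is $wpdb->prefix . 'capabilities') and become an Administrator.
function pgx_vulnerable_save_profile_field() {
    $user_id = get_current_user_id();
    $key     = sanitize_text_field( wp_unslash( $_POST['meta_key'] ?? '' ) );
    $value   = wp_unslash( $_POST['meta_value'] ?? '' );
    update_user_meta( $user_id, $key, $value ); // no allowlist, no form check, no nonce
    wp_send_json_success();
}
// Note: a wp_ajax_ hook (without nopriv) still serves every logged-in role.
add_action( 'wp_ajax_pgx_save_profile_field', 'pgx_vulnerable_save_profile_field' );

// ---- Hardened pattern --------------------------------------------------
// Only plugin-owned keys from a fixed allowlist may be written, the request must
// carry a valid nonce, the referenced form must exist and be published
// ("active"), and array values are rejected so role maps cannot be smuggled in.
const PGX_ALLOWED_USER_META = array( 'pgx_display_layout', 'pgx_items_per_page' );

function pgx_hardened_save_profile_field() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    // Dies with a 403 if the nonce is missing or invalid.
    check_ajax_referer( 'pgx_profile_form', 'nonce' );

    // "Form is active" check: the form post must exist, be of the expected
    // type and be published. A deleted or draft form must not accept writes.
    $form_id = absint( $_POST['form_id'] ?? 0 );
    if ( ! $form_id
        || 'pgx_form' !== get_post_type( $form_id )
        || 'publish' !== get_post_status( $form_id ) ) {
        wp_send_json_error( 'form is not active', 403 );
    }

    // Allowlist the key. is_protected_meta() is a second line of defence
    // against keys WordPress itself treats as internal.
    $key = sanitize_key( wp_unslash( $_POST['meta_key'] ?? '' ) );
    if ( ! in_array( $key, PGX_ALLOWED_USER_META, true ) || is_protected_meta( $key, 'user' ) ) {
        wp_send_json_error( 'meta key not permitted', 403 );
    }

    $raw = $_POST['meta_value'] ?? '';
    if ( is_array( $raw ) ) {
        wp_send_json_error( 'scalar value required', 400 );
    }
    $value = sanitize_text_field( wp_unslash( $raw ) );

    update_user_meta( get_current_user_id(), $key, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_pgx_save_profile_field_safe', 'pgx_hardened_save_profile_field' );

// ---- Post-incident check ---------------------------------------------
// Lists Administrator accounts newest-registered first so that a recently
// created Subscriber that now holds the role stands out during an audit.
function pgx_list_administrators() {
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );
    $rows = array();
    foreach ( $admins as $user ) {
        $rows[] = array(
            'id'         => $user->ID,
            'login'      => $user->user_login,
            'registered' => $user->user_registered,
        );
    }
    return $rows;
}
```

The hardened handler rejects the request before any database write happens, which is the property to look for when reviewing similar plugin code: the meta key must never be attacker-chosen, and a capability or nonce check alone is not enough if the key is still free-form. The audit helper can be run from a small must-use plugin or via WP-CLI's `wp eval` to produce a list of administrators to compare against the site's expected set.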

Weakness Enumeration

Incorrect Privilege Assignment

Related Identifiers

CVE-2024-8253

Affected Products

Post Grid/Gutenberg Blocks