PT-2024-4002 · WordPress · Post Grid Gutenberg Blocks/Wordpress Blog Plugin

1337_Wannabe +1

Published 2024-05-28 · Updated 2025-04-11

CVE-2024-5326

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, versions up to and including 4.1.2

Description: The vulnerability is a missing capability check on the postx presets callback function. Any authenticated user with Contributor-level access or above can reach the callback and modify arbitrary WordPress options. In particular, an attacker can enable new user registration and set the default role for new users to Administrator, then register an administrator account. The root cause is insufficient authorization; an authenticated remote attacker can exploit it to elevate privileges and read, modify, or delete site data.

Recommendations: For versions up to and including 4.1.2, update to a version that adds the missing capability check on the postx presets callback function. At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, review all accounts with Contributor-level access or above, and verify that the users_can_register option is disabled and that default_role is not administrator, since those are the settings the attack modifies.
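The pattern the advisory describes, shown as an added illustration rather than PostX's own code: an admin-ajax handler that writes whatever option it is handed, next to a hardened version that checks capability and nonce and allowlists the option keys the feature owns, plus a helper that checks the two options the description says an attacker would flip. All function, action, option and nonce names here are hypothetical.

```php
<?php
// Added example, not code from the PostX plugin. Hypothetical handler and option names.

// Vulnerable pattern (the class of bug the advisory describes): every logged-in user,
// including Contributors, can POST to admin-ajax.php, and nothing here asks whether the
// caller is allowed to change site options. Attacker-supplied keys such as
// users_can_register=1 and default_role=administrator are written as-is.
add_action( 'wp_ajax_example_presets_save', 'example_presets_save_vulnerable' );
function example_presets_save_vulnerable() {
    $key   = sanitize_key( $_POST['option_key'] ?? '' );   // sanitizes the name, not the authority to set it
    $value = wp_unslash( $_POST['option_value'] ?? '' );
    update_option( $key, $value );
    wp_send_json_success();
}

// Hardened version of the same handler.
const EXAMPLE_PRESET_OPTIONS = array( 'example_preset_layout', 'example_preset_columns' ); // hypothetical keys

add_action( 'wp_ajax_example_presets_save', 'example_presets_save_hardened' );
function example_presets_save_hardened() {
    // 1. Capability check: only users who may manage site options reach the write.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF protection: nonce created with wp_create_nonce( 'example_presets' ) on the settings page
    //    and sent in the "nonce" POST field; check_ajax_referer() dies on mismatch.
    check_ajax_referer( 'example_presets', 'nonce' );
    // 3. Allowlist: the handler may only touch the options the feature legitimately owns,
    //    so even an admin session cannot be coerced into writing core options like default_role.
    $key = sanitize_key( $_POST['option_key'] ?? '' );
    if ( ! in_array( $key, EXAMPLE_PRESET_OPTIONS, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['option_value'] ?? '' ) );
    update_option( $key, $value );
    wp_send_json_success();
}

// Post-exposure check for the two settings the advisory says an attacker would change.
// Returns a list of findings; an empty array means neither indicator is present.
function example_check_registration_options() {
    $findings = array();
    if ( get_option( 'users_can_register' ) ) {
        $findings[] = 'users_can_register is enabled';
    }
    if ( get_option( 'default_role' ) === 'administrator' ) {
        $findings[] = 'default_role is administrator';
    }
    return $findings;
}
```

The same two indicators can be read from the command line with `wp option get users_can_register` and `wp option get default_role`; a value of `1` for the first or `administrator` for the second on a site that exposed the vulnerable version warrants a review of recently created user accounts.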

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2024-04427
CVE-2024-5326

Affected Products

Post Grid Gutenberg Blocks/Wordpress Blog Plugin