PT-2025-3729 · WordPress · Post Grid/Gutenberg Blocks

Wesley · Published 2025-01-15 · Updated 2025-01-17 · CVE-2024-9636

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions: Post Grid and Gutenberg Blocks plugin for WordPress, versions 2.2.85 through 2.3.3

Description: The issue arises from the plugin not properly restricting which user meta can be updated during profile registration, making it possible for unauthenticated attackers to register on the site as an administrator. This allows for privilege escalation. Thousands of sites are potentially exposed to complete takeover.

Recommendations: For versions 2.2.85 through 2.3.3, update to a version that properly restricts user meta updates during profile registration to prevent privilege escalation. As a temporary workaround, consider disabling profile registration or restricting access to the profile registration feature until a patch is available.
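The pattern the advisory describes, a registration handler that writes arbitrary submitted fields into user meta, is shown below beside a hardened form that only accepts an explicit allowlist of profile fields. This is an added illustration written for this page, not code from the Post Grid/Gutenberg Blocks plugin; the function names (`pgb_example_register_weak`, `pgb_example_register_hardened`) and the allowlisted field names are assumptions, while the WordPress API calls (`wp_create_user`, `update_user_meta`, `get_option`, `WP_User::set_role`) are real.

```php
<?php
// Added example, not the plugin's own code. Function names and the list of
// allowed profile fields are assumptions for illustration.

// WEAK PATTERN (the class of bug the advisory describes): every key in the
// registration request is written to user meta. WordPress stores a user's
// role in user meta, so letting request input choose meta keys lets the
// request choose the role as well.
function pgb_example_register_weak( array $request ) {
    $user_id = wp_create_user(
        sanitize_user( $request['user_login'] ?? '' ),
        $request['user_pass'] ?? wp_generate_password(),
        sanitize_email( $request['user_email'] ?? '' )
    );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    foreach ( $request as $key => $value ) {          // no allowlist: any key reaches user meta
        update_user_meta( $user_id, sanitize_key( $key ), sanitize_text_field( $value ) );
    }
    return $user_id;
}

// HARDENED: only explicitly allowed profile fields are stored, the role is
// taken from the site's server-side default and applied through the WP_User
// API, and keys outside the allowlist are logged rather than written, which
// gives operators a detection signal for probing attempts.
function pgb_example_register_hardened( array $request ) {
    $allowed_meta = array( 'first_name', 'last_name', 'description' ); // assumed profile fields
    $default_role = get_option( 'default_role', 'subscriber' );         // never taken from the request

    $user_id = wp_create_user(
        sanitize_user( $request['user_login'] ?? '' ),
        $request['user_pass'] ?? wp_generate_password(),
        sanitize_email( $request['user_email'] ?? '' )
    );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }

    // Role is set server-side after creation; request input cannot influence it.
    $user = new WP_User( $user_id );
    $user->set_role( $default_role );

    foreach ( $allowed_meta as $key ) {
        if ( isset( $request[ $key ] ) ) {
            update_user_meta( $user_id, $key, sanitize_text_field( wp_unslash( $request[ $key ] ) ) );
        }
    }

    // Anything not on the allowlist (beyond the account fields themselves) is dropped and logged.
    $account_fields = array( 'user_login', 'user_pass', 'user_email' );
    $unexpected     = array_diff( array_keys( $request ), $allowed_meta, $account_fields );
    if ( ! empty( $unexpected ) ) {
        error_log( 'registration: ignored unexpected fields: ' . implode( ',', array_map( 'sanitize_key', $unexpected ) ) );
    }
    return $user_id;
}
```

The important difference is the direction of the allowlist: the hardened version iterates over the fields the code expects, not over whatever arrived in the request, so role and capability metadata can never be reached from the registration form. The `error_log` line is a cheap detection hook; a site that patched to a fixed plugin version can still watch its logs for repeated registration attempts carrying unexpected field names.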

Tags: Fix · LPE

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2024-9636

Affected Products: Post Grid/Gutenberg Blocks