CVE-2021-24652

CVE-2021-24652: PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

Vendor Unknown

Product PostX – Gutenberg Blocks for Post Grid

Weakness CWE-863 · Incorrect authorization

Published September 27, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.

Key dates

02Disclosure timeline

September 27, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24652 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup CVE-2022-0762 Incorrect Authorization in microweber/microweber CVE-2022-23627 Inadequate access verification when using proxy commands in ArchiSteamFarm