CVE-2024-28216 - AskarLabs CVE Database

CVE-2024-28216

Weakness CWE-862 · Missing authorization

Published March 7, 2024

Last update September 6, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

Key dates

02Disclosure timeline

March 7, 2024 CVE published

September 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-28216 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-48127 WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerability CVE-2023-52214 WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability CVE-2025-24649 WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability CVE-2026-5427 Kubio AI Page Builder <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes CVE-2026-47163 Quest Bot: Unprivileged users can create and remove AutoMod rules.