The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.

Related CVEs

CVE-2024-9636

Key Information

GHSA ID

GHSA-q8x9-2qr4-3w45

Published

January 15, 2025 12:30 PM

Last Modified

January 15, 2025 12:30 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.