{"uuid": "461e1ad5-f19d-4adf-aee9-b942c65d9c23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13798", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5015", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13798\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.\n\ud83d\udccf Published: 2025-02-22T04:21:16.200Z\n\ud83d\udccf Modified: 2025-02-22T04:21:16.200Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/705823ff-e9c3-4b8b-b71c-3b60d0d15b01?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242737%40post-grid&new=3242737%40post-grid&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-22T05:18:50.000000Z"}