Post Grid and Gutenberg Blocks - ComboBlocks Unauthenticated Paid Order Creation Vulnerability

Vulnerability

A vulnerability exists in the Post Grid and Gutenberg Blocks - ComboBlocks plugin for WordPress, allowing unauthorized order creation in all versions through 2.3.5. This issue arises from inadequate validation of form fields, enabling unauthenticated attackers to generate new product orders and mark them as paid without completing the actual payment.
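
To illustrate the flaw class the advisory describes (a form handler that lets client-supplied fields decide an order's paid state) beside a hardened handler, here is an added example that is not ComboBlocks code; every name in it (the cb_* functions, the `paid` and `_wpnonce` fields, the callables) is an assumption, and in a real WordPress plugin the nonce and gateway checks would be wp_verify_nonce() and the payment provider's server-side confirmation.

```php
<?php
// Added illustration, not plugin code. Names are hypothetical.

// Vulnerable pattern: the submitted form decides whether the order is paid,
// and nothing ties the request to a legitimate checkout or payment.
function cb_create_order_vulnerable(array $post): array {
    return [
        'product_id' => (int) ($post['product_id'] ?? 0),
        'quantity'   => (int) ($post['quantity'] ?? 0),
        // The client chooses the status: this is the defect.
        'status'     => !empty($post['paid']) ? 'paid' : 'pending',
    ];
}

// Hardened pattern: the request can only create a *pending* order, and only
// after origin and input validation. Paid state is never read from the form.
function cb_create_order_hardened(array $post, callable $verify_nonce): ?array {
    // Reject submissions that did not come through the site's own form
    // (wp_verify_nonce() in WordPress; a callable here so the file runs alone).
    if (!$verify_nonce($post['_wpnonce'] ?? '')) {
        return null;
    }
    $product_id = filter_var($post['product_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $quantity = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($product_id === false || $quantity === false) {
        return null;
    }
    // Any client-supplied status field is ignored.
    return ['product_id' => $product_id, 'quantity' => $quantity, 'status' => 'pending'];
}

// Payment is recorded only after the gateway's confirmation is verified
// server-side (signed callback or API lookup), never from request input.
function cb_mark_paid(array $order, callable $gateway_confirms, string $txn_id): array {
    if ($order['status'] === 'pending' && $gateway_confirms($txn_id)) {
        $order['status'] = 'paid';
        $order['txn_id'] = $txn_id;
    }
    return $order;
}

// Constructed request: an anonymous client claims the order is already paid.
$request = ['product_id' => '7', 'quantity' => '1', 'paid' => '1', '_wpnonce' => ''];
var_dump(cb_create_order_vulnerable($request)['status']);            // string(4) "paid"
var_dump(cb_create_order_hardened($request, fn($n) => $n !== ''));   // NULL
```

The hardened handler refuses the request outright because the nonce check fails; even with a valid nonce it would return a pending order, and only cb_mark_paid() with a gateway-confirmed transaction id can change that.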

Impact

Exploitation of this vulnerability allows for unauthorized creation of orders, which are falsely marked as paid, potentially leading to financial discrepancies and abuse of the ordering system.

Remediation

Users are advised to update the Post Grid and Gutenberg Blocks - ComboBlocks plugin to version 2.3.6 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.