
CVE-2024-5326: CWE-862 Missing Authorization in wpxpo Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Severity: High
Tags: Vulnerability, CVE-2024-5326, CWE-862
Published: Thu May 30 2024 (05/30/2024, 10:59:29 UTC)
Source: CVE Database V5
Vendor/Project: wpxpo
Product: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Description

CVE-2024-5326 is a high-severity vulnerability in the Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX affecting all versions up to 4.1.2. It arises from a missing authorization check in the 'postx_presets_callback' function, allowing authenticated users with Contributor-level access or higher to modify arbitrary plugin options. Exploitation can enable new user registrations and set the default role for new users to Administrator, effectively allowing privilege escalation. The vulnerability has a CVSS score of 8.8, indicating high impact on confidentiality, integrity, and availability without requiring user interaction. No public exploits are currently known. Organizations using this plugin should prioritize patching or mitigating this flaw to prevent unauthorized administrative access. Countries with significant WordPress usage and a large online presence are at higher risk.

AI-Powered Analysis

AI analysis last updated: 02/26/2026, 02:32:16 UTC

Technical Analysis

CVE-2024-5326 is a critical authorization bypass vulnerability identified in the Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX, a popular WordPress plugin used for displaying posts in grid layouts. The root cause is a missing capability check in the 'postx_presets_callback' function, which is responsible for handling certain plugin options. This flaw allows any authenticated user with at least Contributor-level privileges to modify plugin settings arbitrarily. Specifically, attackers can enable new user registrations and assign the default role of Administrator to newly created users. This results in a severe privilege escalation scenario where low-privileged users can gain full administrative control over the affected WordPress site. The vulnerability affects all versions up to and including 4.1.2. The CVSS v3.1 score of 8.8 reflects the network exploitable nature (no user interaction required), low attack complexity, and high impact on confidentiality, integrity, and availability. Although no known exploits have been reported in the wild yet, the ease of exploitation and potential damage make this a critical issue for site administrators. The vulnerability was publicly disclosed on May 30, 2024, by Wordfence, and no official patches or updates have been linked yet, emphasizing the need for immediate mitigation.
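The bug class described above, a WordPress AJAX handler that writes options without verifying who is calling, is easiest to see as a before/after pair. The following is an added illustration written for this page; it is not PostX code, the handler and option names (`example_presets_*`, `example_preset_layout`) are hypothetical, and the WordPress functions used (`check_ajax_referer`, `current_user_can`, `update_option`, `wp_send_json_error`) are the standard core API. The `wp_ajax_` hook fires for every logged-in user regardless of role, which is exactly why a Contributor can reach a handler that has no capability check.

```php
<?php
// Added example (not the plugin's code): a wp_ajax_ handler that takes an option
// name and value from the request and stores it, with no check on who is asking.
// Because wp_ajax_ hooks run for any authenticated user, a Contributor can call
// this and write core options such as users_can_register or default_role.

// --- Vulnerable pattern (hypothetical handler name) ---
function example_presets_vulnerable() {
    $option = sanitize_key( $_POST['option'] ?? '' );
    $value  = wp_unslash( $_POST['value'] ?? '' );
    update_option( $option, $value );   // no nonce, no capability, no allow-list
    wp_send_json_success();
}
add_action( 'wp_ajax_example_presets_vulnerable', 'example_presets_vulnerable' );

// --- Hardened pattern ---
function example_presets_hardened() {
    // 1. CSRF protection: the request must carry a nonce minted for this action.
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_presets_nonce', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may continue.
    //    wp_send_json_error() exits, so nothing below runs for other roles.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Allow-list: even an administrator may only touch this plugin's own
    //    options through this endpoint, so core settings such as default_role
    //    are unreachable here no matter what the request contains.
    $allowed = array( 'example_preset_layout', 'example_preset_columns' );
    $option  = sanitize_key( $_POST['option'] ?? '' );
    if ( ! in_array( $option, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $option, $value );
    wp_send_json_success( array( 'option' => $option ) );
}
add_action( 'wp_ajax_example_presets_hardened', 'example_presets_hardened' );
```

When reviewing a plugin for this CWE-862 pattern, check every `wp_ajax_` and REST callback for all three layers: the nonce alone is not authorization (a Contributor can obtain a valid nonce from any page that prints it), and the capability check alone still lets a compromised administrator session write arbitrary options, so the allow-list of option names is what bounds the blast radius.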

Potential Impact

The impact of CVE-2024-5326 is significant for organizations running WordPress sites with the vulnerable PostX plugin. Attackers with Contributor-level access can escalate privileges to Administrator by manipulating plugin settings, leading to full site compromise. This includes the ability to install malicious plugins, alter site content, steal sensitive data, and disrupt site availability. The unauthorized creation of administrator accounts undermines the integrity and confidentiality of the entire WordPress installation. For businesses, this can result in data breaches, reputational damage, loss of customer trust, and potential regulatory penalties. Since WordPress powers a substantial portion of websites globally, including e-commerce, media, and corporate sites, the scope of affected systems is broad. The vulnerability’s network exploitability and lack of user interaction requirement increase the likelihood of automated or targeted attacks, especially in environments where Contributor roles are assigned to multiple users or external collaborators.

Mitigation Recommendations

To mitigate CVE-2024-5326, organizations should immediately audit user roles and permissions to ensure that only trusted individuals have Contributor-level or higher access. Until an official patch is released, consider disabling or removing the PostX plugin if it is not essential. If removal is not feasible, restrict access to the plugin’s AJAX endpoints by implementing web application firewall (WAF) rules that block unauthorized requests to 'postx_presets_callback'. Additionally, monitor logs for suspicious activity related to user registration and role changes. Employ multi-factor authentication (MFA) for all administrative accounts to reduce the risk of compromised credentials. Regularly back up WordPress sites to enable recovery in case of compromise. Stay informed about updates from the plugin vendor and apply patches promptly once available. Finally, educate site administrators and contributors about the risks of privilege escalation and the importance of minimal privilege principles.
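The mitigation section recommends watching for user-registration and default-role changes until a patch is applied. One way to do that inside WordPress itself, as an added example that is not part of this advisory or of the PostX plugin, is a small must-use plugin that refuses to let `default_role` be set to a privileged role and logs any attempt, along with any switch-on of `users_can_register`, with the acting user and request path. It relies on the core `pre_update_option_{$option}` filter and `update_option_{$option}` action; the plugin name, the `example_guard_*` functions and the log prefix are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Privileged Default Role Guard
 * Description: Added defensive example (not the advisory's or PostX's code).
 *              Place in wp-content/mu-plugins/ so it loads before regular plugins.
 */

// Roles that must never become the default for self-registered users.
const EXAMPLE_GUARD_DENY_ROLES = array( 'administrator', 'editor' );

/**
 * Runs just before default_role is written. Returning the old value makes
 * update_option() a no-op, so the change is blocked whichever plugin, AJAX
 * handler or REST route tried to make it.
 */
function example_guard_default_role( $new_value, $old_value, $option ) {
    if ( in_array( $new_value, EXAMPLE_GUARD_DENY_ROLES, true ) ) {
        example_guard_log( sprintf(
            'blocked attempt to set %s to "%s" (was "%s")',
            $option, $new_value, $old_value
        ) );
        return $old_value;
    }
    return $new_value;
}
add_filter( 'pre_update_option_default_role', 'example_guard_default_role', 10, 3 );

/**
 * Open registration is legitimate on some sites, so it is only recorded, not
 * blocked. The action fires after the write; $old_value comes first.
 */
function example_guard_log_registration( $old_value, $new_value, $option ) {
    if ( (int) $new_value === 1 && (int) $old_value !== 1 ) {
        example_guard_log( 'users_can_register switched on' );
    }
}
add_action( 'update_option_users_can_register', 'example_guard_log_registration', 10, 3 );

/**
 * One line per event with actor, source IP and request URI, so the entry can
 * be correlated with the web-server or WAF log for the same request.
 */
function example_guard_log( $message ) {
    $user = wp_get_current_user();
    $line = sprintf(
        '[example-guard] %s by user_id=%d (%s) ip=%s uri=%s',
        $message,
        $user->ID,
        $user->user_login ? $user->user_login : 'anonymous',
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $_SERVER['REQUEST_URI'] ?? '-'
    );
    error_log( $line ); // goes to the PHP error log (or debug.log) for SIEM pickup
}
```

Two caveats on this design: the filter only intercepts writes that go through `update_option()`, so a direct database write would bypass it, and the mu-plugin location matters because a regular plugin can be deactivated by anyone who has already gained administrator access, whereas mu-plugins cannot be disabled from the dashboard.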


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2024-05-24T16:37:41.847Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f6be5b7ef31ef0b55be1e

Added to database: 2/25/2026, 9:38:45 PM

Last enriched: 2/26/2026, 2:32:16 AM

Last updated: 2/26/2026, 8:04:36 AM

