The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php | Issue Tracking |
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve | Third Party Advisory |
Configurations
History
07 Nov 2023, 04:05
Type | Values Removed | Values Added |
---|---|---|
CWE |
16 Jun 2023, 00:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php - Issue Tracking | |
CPE | cpe:2.3:a:motopress:getwid_-_gutenberg_blocks:*:*:*:*:*:wordpress:*:* | |
First Time |
Motopress getwid - Gutenberg Blocks
Motopress |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
09 Jun 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-09 06:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1895
Mitre link : CVE-2023-1895
CVE.ORG link : CVE-2023-1895
JSON object : View
Products Affected
motopress
- getwid_-_gutenberg_blocks
CWE
No CWE.