The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
References
Configurations
History
21 Nov 2024, 07:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php - Patch | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2 - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=cve - Third Party Advisory |
07 Nov 2023, 04:11
Type | Values Removed | Values Added |
---|---|---|
CWE |
14 Jun 2023, 21:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Wpdeveloper essential Blocks
Wpdeveloper |
|
CPE | cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2 - Patch | |
References | (MISC) https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php - Patch | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=cve - Third Party Advisory |
09 Jun 2023, 06:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-09 06:16
Updated : 2024-11-21 07:57
NVD link : CVE-2023-2083
Mitre link : CVE-2023-2083
CVE.ORG link : CVE-2023-2083
JSON object : View
Products Affected
wpdeveloper
- essential_blocks
CWE
No CWE.