9.6

CVE-2023-1895

EPSS 0.17%
Veröffentlicht 09.06.2023 06:15:58
Zuletzt bearbeitet 25.11.2024 16:47:33
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Mögliche Gegenmaßnahme

Getwid – Gutenberg Blocks: Update to version 1.8.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Getwid – Gutenberg Blocks

Version *-1.8.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Motopress ≫ Getwid SwPlatformwordpress Version <= 1.8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.379

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.6	3.1	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
security@wordfence.com	8.5	3.1	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php

Issue Tracking

https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1895

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1895

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1895

EUVD