4.3

CVE-2023-1910

EPSS 0.07%
Veröffentlicht 09.06.2023 06:15:59
Zuletzt bearbeitet 25.11.2024 16:47:33
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer's site.

Mögliche Gegenmaßnahme

Getwid – Gutenberg Blocks: Update to version 1.8.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Getwid – Gutenberg Blocks

Version *-1.8.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Motopress ≫ Getwid SwPlatformwordpress Version <= 1.8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.203

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php

Issue Tracking

https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd64ab0-007b-4778-9d92-06e530638fad?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd64ab0-007b-4778-9d92-06e530638fad

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1910

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1910

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1910

EUVD