5.3

CVE-2023-6963

Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass

Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.
Mögliche Gegenmaßnahme
Getwid – Gutenberg Blocks: Update to version 2.0.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MotopressGetwid SwPlatformwordpress Version < 2.0.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Getwid – Gutenberg Blocks
Version *-2.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.408
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-804 Guessable CAPTCHA

The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://plugins.trac.wordpress.org/changeset/3022982
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4
Third Party Advisory