CVE-2024-9234
- CVSS v3.1 base score 9.8 (Critical)
- EPSS 10.43%
- Published 11.10.2024 13:15:18
- Last modified 15.04.2026 00:35:42
- Source security@wordfence.com
GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file upload due to a missing capability check on the install_and_activate_plugin_from_external() function (the install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. Because the endpoint performs no authorization check, unauthenticated attackers can install and activate arbitrary plugins, or use the same functionality to upload arbitrary files packaged to look like plugins. Installing and activating an attacker-supplied plugin is equivalent to remote code execution on the site, which is why all three CVSS impact metrics are rated High.
Possible countermeasure
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor: update to version 2.1.1 or a newer patched version. The fix adds the missing authorization check to the endpoint (compare the 2.1.0 and 2.1.1 revisions of ActivePluginData.php in the references below).
Data provided by the CVE Program's Authorized Data Publishers (ADP) (unstructured)
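The following is an added illustrative example, not GutenKit's own code and not taken from the referenced fix. It shows the CWE-862 pattern the advisory describes, a WordPress REST route whose permission_callback admits every caller, next to a hardened registration that gates the same callback on the capabilities WordPress core requires for installing and activating plugins. The route namespace `example-vendor/v1`, the class name Example_Plugin_Installer, the `plugin_url` parameter and the allowed download host are assumptions made for this example; only one of the two registrations would exist in a real plugin.

```php
<?php
// Added example (not the GutenKit plugin's code). Names below are assumptions.

class Example_Plugin_Installer {

	// Defense in depth: check the capability inside the callback as well, so the
	// function stays safe even if it is ever reached through another route.
	public static function install_and_activate_plugin_from_external( WP_REST_Request $request ) {
		if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
			return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
		}

		require_once ABSPATH . 'wp-admin/includes/file.php';
		require_once ABSPATH . 'wp-admin/includes/plugin.php';
		require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

		$upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
		$result   = $upgrader->install( $request->get_param( 'plugin_url' ) );
		if ( is_wp_error( $result ) || ! $result ) {
			return new WP_Error( 'install_failed', 'Plugin installation failed.', array( 'status' => 500 ) );
		}

		$plugin_file = $upgrader->plugin_info();
		$activated   = activate_plugin( $plugin_file );
		if ( is_wp_error( $activated ) ) {
			return $activated;
		}
		return rest_ensure_response( array( 'installed' => $plugin_file, 'active' => true ) );
	}

	// Vulnerable pattern (CWE-862): '__return_true' makes the route public, so an
	// unauthenticated POST reaches the installer with no authorization check.
	public static function register_vulnerable_route() {
		register_rest_route( 'example-vendor/v1', '/install-active-plugin', array(
			'methods'             => 'POST',
			'callback'            => array( __CLASS__, 'install_and_activate_plugin_from_external' ),
			'permission_callback' => '__return_true', // missing authorization
		) );
	}

	// Hardened pattern: the permission callback requires the same capabilities
	// wp-admin demands for plugin installation. With cookie authentication WordPress
	// core additionally verifies the X-WP-Nonce header before this runs, so the
	// logged-in session cannot be driven cross-site.
	public static function register_hardened_route() {
		register_rest_route( 'example-vendor/v1', '/install-active-plugin', array(
			'methods'             => 'POST',
			'callback'            => array( __CLASS__, 'install_and_activate_plugin_from_external' ),
			'permission_callback' => function ( WP_REST_Request $request ) {
				if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
					return new WP_Error(
						'rest_forbidden',
						'Sorry, you are not allowed to install plugins on this site.',
						array( 'status' => rest_authorization_required_code() )
					);
				}
				return true;
			},
			'args' => array(
				'plugin_url' => array(
					'required'          => true,
					// Only accept https packages from the WordPress.org download host
					// (assumed allow-list for this example); this is input validation,
					// not a substitute for the capability check above.
					'validate_callback' => function ( $value ) {
						return is_string( $value )
							&& 'https' === wp_parse_url( $value, PHP_URL_SCHEME )
							&& 'downloads.wordpress.org' === wp_parse_url( $value, PHP_URL_HOST );
					},
				),
			),
		) );
	}
}

// A patched plugin would hook only the hardened registration.
add_action( 'rest_api_init', array( 'Example_Plugin_Installer', 'register_hardened_route' ) );
```

A quick way to confirm which pattern a site is running is to request the route's schema with `OPTIONS /wp-json/<namespace>/<route>` as an anonymous client: a route whose permission callback rejects anonymous callers returns 401 (via rest_authorization_required_code), whereas a `__return_true` route answers as if the caller were authorized. Any plugin route that reaches Plugin_Upgrader, file writes or activate_plugin() should be held to the same capability gate as the corresponding wp-admin screen.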
Affected products (CVE record)

| Vendor | Product | Default status | Affected versions | Status |
|---|---|---|---|---|
| wpmet | gutenkit | unknown | 0 through 2.1.0 (inclusive) | affected |
VulnDex Vulnerability Enrichment
Further vulnerability information

| System | Product | Affected versions |
|---|---|---|
| WordPress Plugin | GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor | * through 2.1.0 |
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.43% | 0.952 |
| Source | Base Score | Exploitability Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://github.com/WordPressBugBounty/plugins-gutenkit-blocks-addon/blob/dc3738bb821cf1d93a11379b8695793fa5e1b9e6/gutenkit-blocks-addon/includes/Admin/Api/ActivePluginData.php#L76
https://plugins.trac.wordpress.org/browser/gutenkit-blocks-addon/tags/2.1.0/includes/Admin/Api/ActivePluginData.php?rev=3159783#L76
https://plugins.trac.wordpress.org/browser/gutenkit-blocks-addon/tags/2.1.1/includes/Admin/Api/ActivePluginData.php?rev=3164886
https://www.wordfence.com/threat-intel/vulnerabilities/id/e44c5dc0-6bf6-417a-9383-b345ff57ac32?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/e44c5dc0-6bf6-417a-9383-b345ff57ac32