Description

WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently save/obtain plugin settings, or obtain plugin template information. WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates version 4.0.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.0.7 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/essential-blocks/essential-blocks-406-missing-authorization-via-save

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/essential-blocks/essential-blocks-406-missing-authorization-via-get

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/essential-blocks/essential-blocks-406-missing-authorization-via-templates

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/essential-blocks/essential-blocks-406-missing-authorization-via-template-count

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2003-0727)

WordPress Plugin YITH WooCommerce Quick View Security Bypass (1.3.13)

WordPress Plugin FCChat Widget 'Upload.php' Arbitrary File Upload (2.2.13.1)

WordPress Plugin WP Fastest Cache Unspecified Vulnerability (0.8.8.5)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16980)

Severity

High

Classification

CVE-2023-2083 CVE-2023-2084 CVE-2023-2085 CVE-2023-2086 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass