Description

WordPress Plugin Global Content Blocks is prone to multiple security vulnerabilities, including a remote PHP code execution vulnerability and multiple information disclosure vulnerabilities. Successful exploits of these issues may allow remote attackers to execute arbitrary malicious PHP code in the context of the application or obtain potentially sensitive information. WordPress Plugin Global Content Blocks version 1.5.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.5.2 or latest

References

http://ceriksen.com/2012/07/12/wordpress-global-content-blocks-multiple-vulnerabilities/

http://secunia.com/advisories/49854/

Related Vulnerabilities

WordPress Plugin WP Background Takeover Directory Traversal (4.1.4)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2015-9253)

WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.33.1)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41307)

MySQL CVE-2019-2694 Vulnerability (CVE-2019-2694)

Severity

High

Classification

CWE-95 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Code Execution Information Disclosure