Description

WordPress Plugin Spectra-WordPress Gutenberg Blocks is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently change some settings, or inject content into pages and posts. WordPress Plugin Spectra-WordPress Gutenberg Blocks version 2.3.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.3.2 or latest

References

https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-broken-access-control-csrf-on-import-wpforms-vulnerability

https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-contributor-recaptcha-settings-change-vulnerability

https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability

https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-unauthenticated-email-html-injection-vulnerability

https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-unauthenticated-email-spoofing-vulnerability

https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-broken-access-control-csrf-on-activate-plugin-vulnerability

https://plugins.svn.wordpress.org/ultimate-addons-for-gutenberg/trunk/readme.txt

Related Vulnerabilities

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-3850)

WordPress Plugin Ibtana-Ecommerce Product Addons Cross-Site Scripting (0.2.3)

Python Integer Overflow or Wraparound Vulnerability (CVE-2015-1283)

WordPress Plugin WP Source Control Directory Traversal (3.0.0)

WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32)

Severity

High

Classification

CVE-2023-23729 CVE-2023-23730 CVE-2023-23735 CVE-2023-23738 CVE-2023-23825 CVE-2023-23834 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass