Description
WordPress Plugin Spectra-WordPress Gutenberg Blocks is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change plugin's settings. WordPress Plugin Spectra-WordPress Gutenberg Blocks version 1.14.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.14.8 or latest
References
https://blog.nintechnet.com/wordpress-ultimate-addons-for-gutenberg-plugin-fixed-vulnerability/
https://plugins.svn.wordpress.org/ultimate-addons-for-gutenberg/trunk/readme.txt
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4789)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)
WordPress Plugin WP Survey And Quiz Tool 'rowcount' Parameter Cross-Site Scripting (2.9.2)
Jenkins Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-2612)