exploitDog

CVE-2023-6623

Опубликовано: 15 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

Ссылки

https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f
Exploit
Third Party Advisory
https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*

Версия до 4.4.3 (исключая)

EPSS

Процентиль: 99%

0.88479

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-phjg-gj5x-8j96

CVSS3: 9.8

github

около 2 лет назад

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

EPSS

Процентиль: 99%

0.88479

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-22