exploitDog

CVE-2023-6963

Опубликовано: 05 фев. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

Ссылки

https://plugins.trac.wordpress.org/changeset/3022982
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3022982
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:motopress:getwid:*:*:*:*:*:wordpress:*:*

Версия до 2.0.5 (исключая)

EPSS

Процентиль: 32%

0.00122

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-h2p5-5xgm-h7m9

CVSS3: 5.3

github

около 2 лет назад

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

EPSS

Процентиль: 32%

0.00122

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-863