WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control
CVE-2022-47594

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Essential Blocks For Gutenberg
Vendor: CVE Published:; 13 December 2024

Summary

The vulnerability in WPDeveloper Essential Blocks for Gutenberg arises from a missing authorization check, leading to improperly configured access control security levels. This flaw can be exploited to permit unauthorized users to access restricted functionalities of the plugin, ultimately jeopardizing the security integrity of WordPress sites utilizing these blocks. It is crucial for administrators to assess their plugin versions and apply necessary updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Essential Blocks for Gutenberg <= 3.8.5

References

https://patchstack.com/database/wordpress/plugin/essentia...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 20, 2022

Credit

Lucio Sá (Patchstack Alliance)