WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.8.5 - Broken Access Control vulnerability
CVE-2023-35875

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Gutenverse
Vendor: CVE Published:; 13 December 2024

What is CVE-2023-35875?

The Jegstudio Gutenverse plugin is affected by a missing authorization vulnerability that stems from an improperly configured access control mechanism. Attackers can exploit this issue, potentially gaining unauthorized access to sensitive functionalities or data within the platform. This vulnerability impacts various versions of the Gutenverse plugin, making it critical for users to ensure that their installations are updated and properly configured to safeguard against potential exploitation.

Affected Version(s)

Gutenverse <= 1.8.5

References

https://patchstack.com/database/wordpress/plugin/gutenver...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Jun 19, 2023

Credit

Mika (Patchstack Alliance)