Missing Authorization Vulnerability Affects Essential Blocks for Gutenberg
CVE-2024-30467

8.8HIGH

Key Information:

Vendor: WordPress
Status: Essential Blocks For Gutenberg
Vendor: CVE Published:; 9 June 2024

Summary

A missing authorization vulnerability exists in WPDeveloper's Essential Blocks for Gutenberg, enabling unauthorized users to access restricted functionalities. This vulnerability affects versions from undefined through 4.4.9, posing a risk to WordPress sites using this plugin. Proper security measures should be taken to validate user permissions, ensuring that only authorized individuals can access sensitive features and data.

Affected Version(s)

Essential Blocks for Gutenberg <= 4.4.9

References

https://patchstack.com/database/vulnerability/essential-b...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Rafie Muhammad (Patchstack)