Path Traversal Vulnerability in Spectra WordPress Gutenberg Blocks Plugin
CVE-2024-3107

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Spectra – WordPress Gutenberg Blocks
Vendor: CVE Published:; 2 May 2024

Summary

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is susceptible to a Path Traversal vulnerability allowing authenticated users with contributor-level permissions and higher to exploit the get_block_default_attributes function. This flaw permits unauthorized access to read sensitive data stored in attributes.php files located on the server, potentially exposing critical information and compromising the security of the web application.

Affected Version(s)

Spectra – WordPress Gutenberg Blocks * <= 2.12.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/ultimate-addon...

https://plugins.trac.wordpress.org/changeset/3062684/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Ngô Thiên An