CVE-2023-6623

2024-01-1516:15:12

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-6623

essential blocks

wordpress plugin

unauthenticated attackers

local variables

rest api

local file inclusion attacks

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.093 Low

EPSS

Percentile

94.7%

JSON

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

Affected configurations

Vulners

NVD

Node

wpdeveloperessential_blocksRange<4.4.3

VendorProductVersionCPE
wpdeveloperessential_blocks*cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpdeveloper	essential_blocks	*	cpe:2.3:a:wpdeveloper:essential_blocks::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Essential Blocks",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.4.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]