Lucene search
PRIOn knowledge basePRION:CVE-2023-1910HistoryJun 09, 2023 - 6:15 a.m.
Design/Logic Flaw
2023-06-0906:15:00
PRIOn knowledge base
www.prio-n.com
5
getwid gutenberg blocks
wordpress plugin
unauthorized modification
insufficient capability check
data vulnerability
version 1.8.3
authenticated attackers
subscriber-level permissions
remote template cache
cached template information
public accessibility
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer’s site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| getwid_-_gutenberg_blocks | le | 1.8.3 |
Related
nvd
nvd
CVE-2023-1910
2023-06-09 06:15:59
cve
cve
CVE-2023-1910
2023-06-09 06:15:59
cvelist
cvelist
CVE-2023-1910
2023-06-09 05:33:20
wpvulndb
wpvulndb
Getwid < 1.8.4 - Subscriber+ SSRF
2023-06-06 00:00:00
packetstorm
packetstorm
WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF
2023-06-06 00:00:00
wordfence
wordfence
wpexploit
wpexploit
Getwid < 1.8.4 - Subscriber+ SSRF
2023-06-06 00:00:00