2 matches found
CVE-2023-2083
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...
CVE-2023-2083
CVE-2023-2083 affects the WordPress plugin “Essential Blocks” (versions up to 4.0.6). The root cause is a missing capability check on the save function, with a nonce check that only runs when a nonce is provided; without a nonce, nonce verification is skipped and no capability check occurs. This ...