Lucene search
K

28 matches found

NVD
NVD
added 2023/06/09 6:16 a.m.24 views

CVE-2023-2087

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged...

4.3CVSS4.2AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2023/06/09 6:16 a.m.30 views

CVE-2023-2084

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

4.3CVSS4.3AI score0.00513EPSS
Exploits0References2
Prion
Prion
added 2023/06/09 6:16 a.m.20 views

Design/Logic Flaw

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...

4CVSS4.5AI score0.00567EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/06/09 6:16 a.m.27 views

Cross site request forgery (csrf)

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged...

4.3CVSS4.3AI score0.00323EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.18 views

CVE-2023-2087 Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged...

4.3CVSS6.6AI score0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.30 views

CVE-2023-2085 Essential Blocks <= 4.0.6 - Missing Authorization via templates

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a...

4.3CVSS4.6AI score0.00607EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.43 views

CVE-2023-2084 Essential Blocks <= 4.0.6 - Missing Authorization via get

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

4.3CVSS4.6AI score0.00513EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.6 views

WordPress Plugin Essential Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.4AI score0.00607EPSS
Exploits0References4
Rows per page
Query Builder