Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

43 matches found

Vulnrichment
Vulnrichmentadded 2023/06/09 5:33 a.m.14 views

CVE-2023-1910 Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

4.3CVSS6.7AI score0.00515EPSS
Exploits2References3
Wordfence Blog
Wordfence Blogadded 2023/06/06 1:0 p.m.31 views

Credential-Stealing Server Side Request Forgery Patched in Getwid

On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...

5.5CVSS6.2AI score0.00606EPSS
Exploits2
WPVulnDB
WPVulnDBadded 2023/06/06 12:0 a.m.30 views

Getwid < 1.8.4 - Subscriber+ SSRF

The plugin does not validate a parameter via the getremotecontent REST API endpoint before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attack. Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has n...

9.6CVSS10AI score0.00606EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder