Credential-Stealing Server Side Request Forgery Patched in Getwid
On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...
WordPress Plugin Getwid Gutenberg Blocks Authorization Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
Getwid < 1.8.4 - Subscriber+ SSRF
The plugin does not validate a parameter via the getremotecontent REST API endpoint before making a request to it, which could allow any authenticated user, such as a subscriber, to perform an SSRF attack. Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has n...
WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF
On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...
WordPress Getwid – Gutenberg Blocks plugin <= 1.7.4 - Authenticated Information Disclosure vulnerability
Authenticated Information Disclosure vulnerability discovered in WordPress Getwid – Gutenberg Blocks plugin versions <= 1.7.4. Solution: Update the WordPress Getwid – Gutenberg Blocks plugin to the latest available version (at least 1.7.7)...
WordPress Getwid – Gutenberg Blocks plugin <= 1.7.4 - Cross-Site Request Forgery (CSRF) / Settings Change vulnerability
Cross-Site Request Forgery (CSRF) / Settings Change vulnerability discovered in WordPress Getwid – Gutenberg Blocks plugin versions <= 1.7.4. Solution: Update the WordPress Getwid – Gutenberg Blocks plugin to the latest available version (at least 1.7.7)...