WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.0.5; Fixed in: 2.0.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1948; Patch priority: Low; CVSS severity: Low 6.5; PSID: d76b6dbfa27e; Credits: Ngô Thiên An...
Getwid – Gutenberg Blocks < 2.0.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content
Description: The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6963
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array...
CVE-2023-6959
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...
Design/Logic Flaw
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2023-6963 Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array...
CVE-2023-6963
CVE-2023-6963: Getwid – Gutenberg Blocks (WordPress) is vulnerable to a CAPTCHA bypass in versions up to and including 2.0.4. An unauthenticated attacker can bypass the CAPTCHA verification of the Contact Form block by omitting 'g-recaptcha-response' from the data array. Root cause: CAPTCHA veri...
CVE-2023-6959
CVE-2023-6959 affects the WordPress plugin Getwid – Gutenberg Blocks. The issue is a missing capability check in the recaptcha_api_key_manage function, enabling unauthorized modification of Recaptcha Site Key and Recaptcha Secret Key by authenticated users with subscriber-level access or higher. ...
CVE-2023-6959 Getwid – Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...
WordPress plugin Getwid security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-15142 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions prior to 2.0.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function. This makes it possible for...
PT-2024-15145 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.4 Description: The issue allows unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting the g-recaptcha-response from...
Getwid – Gutenberg Blocks < 2.0.5 - Captcha Bypass
Description: The plugin is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array...
WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.4 is vulnerable to Broken Access Control
Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.0.4; Fixed in: 2.0.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6959; Patch priority: Low; CVSS severity: Low 4.3; PSID: 64423091eee3; Credits: Lucio Sá; Required...
WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.4 is vulnerable to Bypass Vulnerability
Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.0.4; Fixed in: 2.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2023-6963; Patch priority: Low; CVSS severity: Low 5.3; PSID: cbf13618cdfb; Credits: Lucio Sá; Required...
CVE-2023-6042 Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin
Any unauthenticated user may send e-mail from the site with any title or content to the admin...