Getwid Security Vulnerabilities and Issues — Getwid CVE List

Lucene search

MotopressGetwid

10 matches found

CVE•added 2024/07/20 7:15 a.m.•81 views

CVE-2024-6489

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access ...

5.3CVSS5AI score0.00104EPSS

CVE•added 2023/06/09 6:15 a.m.•73 views

CVE-2023-1895

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary l...

9.6CVSS9AI score0.00169EPSS

CVE•added 2024/07/20 7:15 a.m.•73 views

CVE-2024-6491

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level a...

4.3CVSS4.3AI score0.00101EPSS

CVE•added 2024/01/08 7:15 p.m.•51 views

CVE-2023-6042

Any unauthenticated user may send e-mail from the site with any title or content to the admin

7.5CVSS7.5AI score0.00392EPSS

CVE•added 2023/06/09 6:15 a.m.•48 views

CVE-2023-1910

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permis...

4.3CVSS6.2AI score0.00066EPSS

CVE•added 2024/04/09 7:15 p.m.•46 views

CVE-2024-1948

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access a...

6.4CVSS7.6AI score0.00157EPSS

CVE•added 2024/02/05 10:15 p.m.•37 views

CVE-2023-6963

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

5.3CVSS5.6AI score0.00122EPSS

CVE•added 2024/11/20 11:15 a.m.•35 views

CVE-2024-10872

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template-post-custom-field block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ...

6.4CVSS5.4AI score0.00036EPSS

CVE•added 2024/02/05 10:15 p.m.•34 views

CVE-2023-6959

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acc...

4.3CVSS4.6AI score0.00119EPSS

CVE•added 2024/05/02 5:15 p.m.•32 views

CVE-2024-3588

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5.7AI score0.00289EPSS