The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
References
| Link | Resource |
|---|---|
| https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f | Exploit Third Party Advisory |
| https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/ - Exploit, Third Party Advisory | |
| References | () https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f - Exploit, Third Party Advisory |
19 Jan 2024, 18:33
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-22 | |
| First Time |
Wpdeveloper
Wpdeveloper essential Blocks |
|
| References | () https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/ - Exploit, Third Party Advisory | |
| References | () https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f - Exploit, Third Party Advisory |
15 Jan 2024, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-15 16:15
Updated : 2025-06-11 17:15
NVD link : CVE-2023-6623
Mitre link : CVE-2023-6623
CVE.ORG link : CVE-2023-6623
JSON object : View
Products Affected
wpdeveloper
- essential_blocks
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')