CVE-2023-6963

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3022982	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve	Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3022982	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:motopress:getwid:*:*:*:*:*:wordpress:*:*

History

25 Nov 2024, 16:47

Type	Values Removed	Values Added
First Time		Motopress getwid
CPE	cpe:2.3:a:motopress:getwid_-_gutenberg_blocks::::::wordpress::*	cpe:2.3:a:motopress:getwid::::::wordpress::*

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/changeset/3022982 - Patch~~	() https://plugins.trac.wordpress.org/changeset/3022982 - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve - Third Party Advisory~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve - Third Party Advisory

14 Feb 2024, 17:05

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/changeset/3022982 -~~	() https://plugins.trac.wordpress.org/changeset/3022982 - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve - Third Party Advisory
CPE		cpe:2.3:a:motopress:getwid_-_gutenberg_blocks::::::wordpress::*
CWE		CWE-863
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Motopress getwid - Gutenberg Blocks Motopress

05 Feb 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-05 22:15

Updated : 2024-11-25 16:47

NVD link : CVE-2023-6963

Mitre link : CVE-2023-6963

CVE.ORG link : CVE-2023-6963

JSON object : View

Products Affected

motopress

getwid

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2023-6963", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-05T22:15:57.930", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3022982", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3022982", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array."}, {"lang": "es", "value": "El complemento Getwid \u2013 Gutenberg Blocks para WordPress es vulnerable a CAPTCHA Bypass en versiones hasta la 2.0.4 incluida. Esto hace posible que atacantes no autenticados omitan la verificaci\u00f3n de Captcha del bloque del formulario de contacto omitiendo 'g-recaptcha-response' de la matriz 'data'."}], "lastModified": "2024-11-25T16:47:33.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:motopress:getwid:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0833C63F-9D16-4F31-8298-DFDCAEE50F59", "versionEndExcluding": "2.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}

5.3 /10