Vulnerability Description
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpdeveloper | Essential Blocks | < 4.4.3 |
References
- https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4 (Exploit, Third Party Advisory)
- https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-6623?
CVE-2023-6623 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File ...
How severe is CVE-2023-6623?
CVE-2023-6623 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-6623?
Check the references section above for vendor advisories and patch information. Affected products include: Wpdeveloper Essential Blocks.