WordPress Plugin Vulnerabilities

Getwid – Gutenberg Blocks < 2.0.5 - Captcha Bypass

Description

The plugin is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

Affects Plugins

Plugin icon
getwid
Fixed in 2.0.5

References

CVE
CVE-2023-6963
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4

Miscellaneous

Original Researcher
Lucio Sá
Verified
No
WPVDB ID
4e85a327-afcf-4e08-bd88-6aeeb10503a8

Timeline

Publicly Published
2024-01-17 (about 2 years ago)
Added
2024-01-20 (about 2 years ago)
Last Updated
2024-01-20 (about 2 years ago)

Other

Published
Title
Published
2016-03-22
Title
Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download
Published
2025-11-10
Title
Hydra Booking < 1.1.28 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation
Published
2024-06-14
Title
WooCommerce - Social Login < 2.6.3 - Email Verification due to Insufficient Randomness
Published
2015-05-02
Title
Slideshow 2.2.8-2.2.21 - Option Value Disclosure
Published
2019-02-11
Title
Simple Social Buttons 2.0.4-2.0.21 - Authenticated Option Injection