WordPress Plugin Vulnerabilities

Essential Blocks for Gutenberg < 4.4.10 - Missing Authorization

Description

The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with contributor-level access and above, to perform unauthorized actions.

Affects Plugins

Plugin icon
essential-blocks
Fixed in 4.4.10

References

CVE
CVE-2024-30467
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/569b5522-8f38-454b-a8b5-12e3959c3348

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
5311008b-71b1-45a3-a91a-b18f8da1dbbd

Timeline

Publicly Published
2024-03-28 (about 2 years ago)
Added
2024-04-04 (about 2 years ago)
Last Updated
2024-04-04 (about 2 years ago)

Other

Published
Title
Published
2023-06-03
Title
B2BKing < 4.6.20 - Subscriber+ Arbitrary Products Price Update
Published
2026-01-20
Title
OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset
Published
2023-09-05
Title
Super Socializer < 7.13.55 - Missing Authorization
Published
2024-04-25
Title
XStore < 9.3.9 - Subscriber+ Arbitrary Options Update
Published
2024-12-11
Title
Awesome Support < 6.3.2 - Missing Authorization