Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 3.0.7 – Unauthetnicated Path Traversal to Arbitrary Image View | CVE 2024-11219 | Plugin Vulnerabilities

Description

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information.

Affects Plugins

Fixed in 3.0.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c5e9ab63-d61e-40f1-a5cb-432f33dfd2a6

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

mikemyers

Verified

No

WPVDB ID

79e20dbb-a3d7-4453-b0e8-d68793a74d44

Timeline

Publicly Published

2024-11-26 (about 1 year ago)

Added

2024-11-26 (about 1 year ago)

Last Updated

2024-11-27 (about 1 year ago)

Other

Published

Title

Published

2014-08-01

Title

Theme My Login 6.3.9 - Local File Inclusion

Published

2025-02-24

Title

Pie Register Premium < 3.8.3.3 - Authenticated (Subscriber+) Limited File Deletion

Published

2014-09-17

Title

WP Content Source Control < 3.1.1 - Path Traversal

Published

2026-04-21

Title

Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read

Published

2022-01-17

Title

WP-Appbox < 4.3.18 - Authenticated Local File Inclusion