Getwid – Gutenberg Blocks < 2.0.5 – Missing Authorization to Recaptcha API Key Modification | CVE 2023-6959 | Plugin Vulnerabilities

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.

Affects Plugins

Fixed in 2.0.5

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/774c00fb-82cd-44ca-bf96-3f6dfd1977d0

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lucio Sá

Verified

No

WPVDB ID

a0165a19-c251-4460-9a71-9b8e6c031272

Timeline

Publicly Published

2024-01-17 (about 2 years ago)

Added

2024-01-20 (about 2 years ago)

Last Updated

2024-01-20 (about 2 years ago)

Other

Published

Title

Published

2026-01-20

Title

Scalenut <= 1.1.3 - Missing Authorization

Published

2024-12-23

Title

WC Price History for Omnibus < 2.1.4 - Missing Authorization

Published

2023-06-08

Title

WP-Members Membership < 3.4.8 - Subscriber+ Unauthorized Plugin Settings Update

Published

2026-03-20

Title

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms < 1.1.6 - Missing Authorization

Published

2024-10-25

Title

Forminator Forms – Contact Form, Payment Form & Custom Form Builder < 1.36.0 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation