Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 – Missing Authorization | CVE 2024-1095 | Plugin Vulnerabilities

Description

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.

Affects Plugins

control-block-patterns

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/38f09a45-2b11-47c7-af16-c7f9c3a46e0e

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

f13a9d24-a253-4470-8cc3-74447b7648d5

Timeline

Publicly Published

2024-03-04 (about 2 years ago)

Added

2024-03-04 (about 2 years ago)

Last Updated

2024-03-04 (about 2 years ago)

Other

Published

Title

Published

2026-01-10

Title

Suggestion Toolkit <= 5.0 - Missing Authorization

Published

2025-04-02

Title

Shopify to WooCommerce Migration <= 1.3.0 - Missing Authorization to Unauthenticated Settings Update

Published

2026-02-04

Title

Addonify – Compare Products For WooCommerce < 1.1.18 - Missing Authorization to Unauthenticated Settings Update

Published

2026-02-14

Title

Ultimate Review <= 2.3.9 - Missing Authorization

Published

2025-07-18

Title

Vchasno Kasa < 1.0.4 - Unauthenticated Log File Clearing