
CVSS: 5.4 | EPSS: % | CPEs: 1 | EXPL: 0

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the forms_recaptcha function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with contributor-level permissions and above to modify the plugin's Captcha settings. • CWE-862: Missing Authorization

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing. This issue affects Spectra: from n/a through 2.3.0. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to email spoofing in versions up to, and including, 2.3.1. This is due to insufficient validation of content being sent to an email. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-unauthenticated-email-spoofing-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-345: Insufficient Verification of Data Authenticity

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through 2.3.0. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to HTML injection via Email in versions up to, and including, 2.3.1. This is due to insufficient input validation and output escaping of content being sent via email. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-unauthenticated-email-html-injection-vulnerability?_s_id=cve • CWE-20: Improper Input Validation • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing nonce validation on the import_wpforms and import_block functions called via AJAX actions. This makes it possible for unauthenticated attackers to import blocks and forms from WPForms via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through 2.3.0. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers to bypass the Captcha Verification. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts • CWE-804: Guessable CAPTCHA