CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7071 – Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-7071
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates para WordPress es vulnerable a cross site scripting almacenado a través del bloque Table of Contents en todas las versiones hasta la 4.4.6 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/blocks/TableOfContents.php#L138 https://plugins.trac.wordpress.org/changeset/3018547/essential-blocks/tags/4.4.7/blocks/TableOfContents.php https://www.wordfence.com/threat-intel/vulnerabilities/id/f969cb24-734f-46e5-a74d-fddf8e61e096?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2023-6623 – Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2023-6623
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. El complemento de WordPress Essential Blocks anterior a 4.4.3 no impide que atacantes no autenticados sobrescriban variables locales al representar plantillas a través de la API REST, lo que puede provocar ataques de inclusión de archivos locales. The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.4.2 via the /wp-json/essential-blocks/v1/queries REST API endpoint. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3 https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-4402 – Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
https://notcve.org/view.php?id=CVE-2023-4402
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. El complemento Essential Blocks para WordPress es vulnerable a la inyección de objetos PHP en versiones hasta la 4.2.0 incluida a través de la deserialización de entradas que no son de confianza en la función get_products. • https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49 https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4386 – Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
https://notcve.org/view.php?id=CVE-2023-4386
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. El complemento Essential Blocks para WordPress es vulnerable a la inyección de objetos PHP en versiones hasta la 4.2.0 incluida a través de la deserialización de entradas que no son de confianza en la función get_posts. • https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30 https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2084 – Essential Blocks <= 4.0.6 - Missing Authorization via get
https://notcve.org/view.php?id=CVE-2023-2084
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. • https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=cve • CWE-862: Missing Authorization •