CVE-2023-1895
Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery
Severity Score
9.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
WordPress Getwid Gutenberg Blocks plugin versions 1.8.3 and below suffer from improper authorization and server-side request forgery vulnerabilities.
*Credits:
Ramuel Gall
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-04-05 CVE Reserved
- 2023-06-06 CVE Published
- 2024-12-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php | Issue Tracking | |
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Motopress Search vendor "Motopress" | Getwid - Gutenberg Blocks Search vendor "Motopress" for product "Getwid - Gutenberg Blocks" | <= 1.8.3 Search vendor "Motopress" for product "Getwid - Gutenberg Blocks" and version " <= 1.8.3" | wordpress |
Affected
|