CVE-2023-6042
Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Any unauthenticated user may send e-mail from the site with any title or content to the admin.
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to insufficient limitations on the content of emails sent in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to send emails to the site admin with arbitrary content from the site.
*Credits:
Krzysztof Zając (CERT PL), WPScan
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-08 CVE Reserved
- 2023-12-15 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-12-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/56a1c050-67b5-43bc-b5b6-28d9a5a59eba | 2024-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Motopress | Getwid - Gutenberg Blocks | < 2.0.3 | wordpress | Affected |