CVE-2024-3107
Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information.
El complemento Spectra – WordPress Gutenberg Blocks para WordPress es vulnerable a Path Traversal en versiones hasta la 2.12.6 incluida a través de la función get_block_default_attributes. Esto permite a atacantes autenticados, con permisos de nivel de colaborador y superiores, leer el contenido de cualquier archivo llamado atributos.php en el servidor, que puede contener información confidencial.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-29 CVE Reserved
- 2024-04-26 CVE Published
- 2024-05-03 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Brainstormforce Search vendor "Brainstormforce" | Spectra – WordPress Gutenberg Blocks Search vendor "Brainstormforce" for product "Spectra – WordPress Gutenberg Blocks" | <= 2.12.6 Search vendor "Brainstormforce" for product "Spectra – WordPress Gutenberg Blocks" and version " <= 2.12.6" | en |
Affected
| ||||||