CVE-2023-23730 - Vulnerability Details - OpenCVE

Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00133.

Key SSVC decision points have not yet been added.

Vendors	Products
Brainstormforce	Spectra

Configuration 1 [-]

cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-27816	Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0.

Fixes

Solution

Update to 2.3.1 or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00148}`	epss `{'score': 0.0013}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00092}`	epss `{'score': 0.00148}`

Sat, 01 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Brainstormforce Brainstormforce spectra
CPEs		cpe:2.3:a:brainstormforce:spectra::::::wordpress::*
Vendors & Products		Brainstormforce Brainstormforce spectra

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-03T21:24:35.797Z

Updated: 2024-08-02T10:42:25.769Z

Reserved: 2023-01-17T15:49:23.462Z

Link: CVE-2023-23730

Vulnrichment

Updated: 2024-08-02T10:42:25.769Z

NVD

Status : Analyzed

Published: 2024-06-03T22:15:08.840

Modified: 2025-04-10T18:38:28.580

Link: CVE-2023-23730

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23730", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-01-17T15:49:23.462Z", "datePublished": "2024-06-03T21:24:35.797Z", "dateUpdated": "2024-08-02T10:42:25.769Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "ultimate-addons-for-gutenberg", "product": "Spectra", "vendor": "Brainstorm Force", "versions": [{"changes": [{"at": "2.3.1", "status": "unaffected"}], "lessThanOrEqual": "2.3.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dave Jong (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.<p>This issue affects Spectra: from n/a through 2.3.0.</p>"}], "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0."}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-03T21:24:35.797Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 2.3.1 or a higher version."}], "value": "Update to 2.3.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Spectra \u2013 WordPress Gutenberg Blocks plugin <= 2.3.0 - Captcha Bypass Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "brainstormforce", "product": "spectra", "cpes": ["cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.3.0", "versionType": "custom"}, {"version": "2.3.1", "status": "unaffected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-04T19:15:04.370781Z", "id": "CVE-2023-23730", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T13:30:51.929Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:25.769Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:25.769Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-23730", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-04T19:15:04.370781Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:*:*:*"], "vendor": "brainstormforce", "product": "spectra", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.3.0"}, {"status": "unaffected", "version": "2.3.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T19:09:45.686Z"}}], "cna": {"title": "WordPress Spectra \u2013 WordPress Gutenberg Blocks plugin <= 2.3.0 - Captcha Bypass Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dave Jong (Patchstack)"}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brainstorm Force", "product": "Spectra", "versions": [{"status": "affected", "changes": [{"at": "2.3.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.3.0"}], "packageName": "ultimate-addons-for-gutenberg", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 2.3.1 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 2.3.1 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.<p>This issue affects Spectra: from n/a through 2.3.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-03T21:24:35.797Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23730", "state": "PUBLISHED", "dateUpdated": "2024-08-02T10:42:25.769Z", "dateReserved": "2023-01-17T15:49:23.462Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-06-03T21:24:35.797Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "680A7F2F-31DF-4E4E-A34A-FE64E51D5C43", "versionEndExcluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0."}, {"lang": "es", "value": "La vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en Brainstorm Force Spectra permite omitir la funcionalidad. Este problema afecta a Spectra: desde n/a hasta 2.3.0."}], "id": "CVE-2023-23730", "lastModified": "2025-04-10T18:38:28.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-03T22:15:08.840", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-captcha-bypass-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "audit@patchstack.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}