{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6623", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-12-08T14:24:56.244Z", "datePublished": "2024-01-15T15:10:40.328Z", "dateUpdated": "2024-08-02T08:35:14.900Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-01-15T15:10:40.328Z"}, "title": "Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion", "problemTypes": [{"descriptions": [{"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Essential Blocks", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "4.4.3"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks."}], "references": [{"url": "https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/"}], "credits": [{"lang": "en", "value": "Marc Montpas", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.900Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "38CCACCF-7D5B-4A17-94E9-CB42E8F062E2", "versionEndExcluding": "4.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks."}, {"lang": "es", "value": "El complemento de WordPress Essential Blocks anterior a 4.4.3 no impide que atacantes no autenticados sobrescriban variables locales al representar plantillas a trav\u00e9s de la API REST, lo que puede provocar ataques de inclusi\u00f3n de archivos locales."}], "id": "CVE-2023-6623", "lastModified": "2024-01-19T18:33:55.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-15T16:15:12.573", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}