The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-15T15:10:40.328Z
Updated: 2024-08-02T08:35:14.900Z
Reserved: 2023-12-08T14:24:56.244Z
Link: CVE-2023-6623
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-15T16:15:12.573
Modified: 2024-01-19T18:33:55.500
Link: CVE-2023-6623
Redhat
No data.