The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-59155 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 25 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Motopress getwid
CPEs cpe:2.3:a:motopress:getwid_-_gutenberg_blocks:*:*:*:*:*:wordpress:*:* cpe:2.3:a:motopress:getwid:*:*:*:*:*:wordpress:*:*
Vendors & Products Motopress getwid - Gutenberg Blocks
Motopress getwid

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-08-02T08:50:06.710Z

Reserved: 2023-12-19T19:24:31.193Z

Link: CVE-2023-6959

cve-icon Vulnrichment

Updated: 2024-08-02T08:50:06.710Z

cve-icon NVD

Status : Modified

Published: 2024-02-05T22:15:57.767

Modified: 2024-11-25T16:47:33.943

Link: CVE-2023-6959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.