The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access or above, to change the plugin's settings. Additionally, no nonce check is performed resulting in a CSRF vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-05T06:50:29.799Z

Updated: 2024-08-01T20:33:51.675Z

Reserved: 2024-04-23T16:54:43.164Z

Link: CVE-2024-4088

cve-icon Vulnrichment

Updated: 2024-08-01T20:33:51.675Z

cve-icon NVD

Status : Modified

Published: 2024-06-05T07:15:45.910

Modified: 2024-11-21T09:42:10.300

Link: CVE-2024-4088

cve-icon Redhat

No data.