cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10872,https://securityvulnerability.io/vulnerability/CVE-2024-10872,Stored Cross-Site Scripting Vulnerability in Gutenberg Blocks,"The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Getwid – Gutenberg Blocks,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-11-20T11:03:43.205Z,0
CVE-2024-6489,https://securityvulnerability.io/vulnerability/CVE-2024-6489,Unauthorized Modification of Data in Getwid's Gutenberg Blocks Plugin Affects MailChimp API Key,"The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.",Wordpress,Getwid – Gutenberg Blocks,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-20T06:43:48.168Z,0
CVE-2024-6491,https://securityvulnerability.io/vulnerability/CVE-2024-6491,Unauthorized Modification of Data via MailChimp API Key Vulnerability,"The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.",Wordpress,Getwid – Gutenberg Blocks,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-20T06:43:45.510Z,0
CVE-2024-3588,https://securityvulnerability.io/vulnerability/CVE-2024-3588,Stored Cross-Site Scripting Vulnerability in Gutenberg Blocks Plugin,"The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Getwid – Gutenberg Blocks,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:36.257Z,0
CVE-2024-1948,https://securityvulnerability.io/vulnerability/CVE-2024-1948,Stored Cross-Site Scripting Vulnerability in Getwid – Gutenberg Blocks Plugin,"The Getwid – Gutenberg Blocks plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. This vulnerability allows authenticated users with contributor roles or higher to inject malicious scripts into the block content. These arbitrary scripts can then execute in the context of users accessing the compromised pages, posing significant security risks. It is crucial for users to ensure they are using a patched version of the plugin to mitigate potential exposure.",Wordpress,Getwid – Gutenberg Blocks,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:54.533Z,0
CVE-2023-6963,https://securityvulnerability.io/vulnerability/CVE-2023-6963,Gutenberg Blocks Plugin Vulnerable to CAPTCHA Bypass,"The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.",Wordpress,Getwid – Gutenberg Blocks,5.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2024-02-05T21:22:02.318Z,0
CVE-2023-6959,https://securityvulnerability.io/vulnerability/CVE-2023-6959,Unauthorized Modification of Data Vulnerability in Gutenberg Blocks Plugin,"The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.",Wordpress,Getwid – Gutenberg Blocks,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:49.970Z,0
CVE-2023-1895,https://securityvulnerability.io/vulnerability/CVE-2023-1895,Server Side Request Forgery Vulnerability in Getwid – Gutenberg Blocks for WordPress,"The Getwid – Gutenberg Blocks plugin for WordPress contains a Server Side Request Forgery vulnerability in the get_remote_content REST API endpoint. This allows authenticated attackers with subscriber-level permissions or higher to send crafted web requests to arbitrary external locations from within the web application. As a result, attackers could exploit this flaw to access, manipulate, or exfiltrate sensitive information from internal services, posing a significant security risk.",Wordpress,Getwid – Gutenberg Blocks,8.5,HIGH,0.0008099999977275729,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-1910,https://securityvulnerability.io/vulnerability/CVE-2023-1910,Unauthorized Data Modification in Getwid – Gutenberg Blocks Plugin for WordPress,"The Getwid – Gutenberg Blocks plugin for WordPress is susceptible to unauthorized data modification due to inadequate capability checks in the get_remote_templates function. This vulnerability affects versions up to and including 1.8.3, allowing authenticated users with subscriber-level access or higher to flush the remote template cache. Although cached template information can be accessed through this function, it is publicly available and not deemed sensitive. This creates a risk where attackers could manipulate template cache without sufficient verification.",Wordpress,Getwid – Gutenberg Blocks,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0