CVE-2023-6623

{"id": "CVE-2023-6623", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-15T16:15:12.573", "references": [{"url": "https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks."}, {"lang": "es", "value": "El complemento de WordPress Essential Blocks anterior a 4.4.3 no impide que atacantes no autenticados sobrescriban variables locales al representar plantillas a trav\u00e9s de la API REST, lo que puede provocar ataques de inclusi\u00f3n de archivos locales."}], "lastModified": "2024-01-19T18:33:55.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "38CCACCF-7D5B-4A17-94E9-CB42E8F062E2", "versionEndExcluding": "4.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}