CVE-2023-6963

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

T

he Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3022982	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve	Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3022982	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:motopress:getwid:*:*:*:*:*:wordpress:*:*

History

25 Nov 2024, 16:47

Type	Values Removed	Values Added
CPE	cpe:2.3:a:motopress:getwid_-_gutenberg_blocks::::::wordpress::*	cpe:2.3:a:motopress:getwid::::::wordpress::*
First Time		Motopress getwid

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/changeset/3022982 - Patch~~	() https://plugins.trac.wordpress.org/changeset/3022982 - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve - Third Party Advisory~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve - Third Party Advisory

Information

Published : 2024-02-05 22:15

Updated : 2024-11-25 16:47

NVD link : CVE-2023-6963

Mitre link : CVE-2023-6963

CVE.ORG link : CVE-2023-6963

JSON object : View

Products Affected

getwid

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2023-6963", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-05T22:15:57.930", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3022982", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3022982", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array."}, {"lang": "es", "value": "El complemento Getwid \u2013 Gutenberg Blocks para WordPress es vulnerable a CAPTCHA Bypass en versiones hasta la 2.0.4 incluida. Esto hace posible que atacantes no autenticados omitan la verificaci\u00f3n de Captcha del bloque del formulario de contacto omitiendo 'g-recaptcha-response' de la matriz 'data'."}], "lastModified": "2024-11-25T16:47:33.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:motopress:getwid:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0833C63F-9D16-4F31-8298-DFDCAEE50F59", "versionEndExcluding": "2.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}