CVE-2023-6963 Vulnerability Details

  /     /     /  

CVE-2023-6963 Metadata Quick Info

CVE Published: 05/02/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Wordfence | Vendor: jetmonsters | Product: Getwid – Gutenberg Blocks
Status : PUBLISHED

---

CVE-2023-6963 Description

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting \'g-recaptcha-response\' from the \'data\' array.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-804 Guessable CAPTCHA
Source: jetmonsters

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).