CVE-2023-51360: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2023-51360) was discovered in WPDeveloper Essential Blocks for Gutenberg, affecting versions through 4.2.0. The vulnerability was disclosed on December 9, 2024, and involves incorrectly configured access control security levels (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned a CVSS score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows attackers to exploit incorrectly configured access control security levels, potentially leading to unauthorized access and actions within the WordPress plugin. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected systems (NVD).

Users are advised to update to version 4.2.1 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking attacks until users update to a fixed version (Patchstack).