CVE-2024-11219: 
WordPress vulnerability analysis and mitigation

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress contains a Path Traversal vulnerability (CVE-2024-11219) affecting all versions up to and including 3.0.6. The vulnerability was discovered and disclosed on November 26, 2024, with a CVSS score of 5.3 (Medium) (Wordfence Intel).

The vulnerability exists in the get_image function of the plugin, which fails to properly restrict pathname access. This is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The vulnerability has a CVSS v3.1 base score of 5.3 with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and no authentication requirements (NVD Database).

The vulnerability allows unauthenticated attackers to view arbitrary images on the server, which may contain sensitive information. The impact is primarily focused on confidentiality, with no direct effect on integrity or availability of the system (NVD Database).

Users should update their Otter Blocks plugin to a version newer than 3.0.6 to address this vulnerability (NVD Database).