Vulnerability in Essential Blocks
CVE-2023-6623
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
EPSS: 0.881 (99.5th percentile)
Affected products
- Unknown Essential Blocks — versions 0
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f (exploit, vdb-entry, technical-description)
- wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
Frequently asked questions
- What is CVE-2023-6623?
- CVE-2023-6623 is a vulnerability in Essential Blocks, classified under CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Published 2024-01-15.
- Is CVE-2023-6623 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.