What is CVE-2024-3564?

CVE-2024-3564 is a high-severity vulnerability in Vanderwijk Content Blocks (Custom Post Widget), classified under PHP Remote File Inclusion. CVSS score: 8.8/10. Published 2024-06-01.

How severe is CVE-2024-3564?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Vanderwijk Content Blocks (Custom Post Widget)

CVE-2024-3564

The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers…

EPSS: 0.007 (72.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Vanderwijk Content Blocks (Custom Post Widget) — versions 0

Weakness classification (CWE)

CWE-98 — PHP Remote File Inclusion

References

www.wordfence.com/threat-intel/vulnerabilities/id/c5a0b8fe-d284-4780-84b5-2e97f…
plugins.trac.wordpress.org/changeset

Frequently asked questions

What is CVE-2024-3564?: CVE-2024-3564 is a high-severity vulnerability in Vanderwijk Content Blocks (Custom Post Widget), classified under PHP Remote File Inclusion. CVSS score: 8.8/10. Published 2024-06-01.
How severe is CVE-2024-3564?: High severity. CVSS v3 base score is 8.8 out of 10.