CVE-2024-6491

CVSS V2 None CVSS V3 None

Description

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.

Overview

CVE ID
CVE-2024-6491

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-07-20T06:43:45.510Z

Last Modified Date
2024-07-20T06:43:45.510Z

Weakness Enumerations

CWE	URL
CWE-862	http://cwe.mitre.org/data/definitions/862.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/fb2be4cd-2641-4f7f-993c-1c78e5a1d5da?source=cve
https://plugins.trac.wordpress.org/browser/getwid/trunk/includes/blocks/mailchimp.php#L190
https://plugins.trac.wordpress.org/changeset/3119180/getwid/trunk/includes/blocks/mailchimp.php?contextall=1

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-6491
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6491

History

Created	Old Value	New Value	Data Type	Notes
2024-07-21 13:04:14				Added to TrackCVE