The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access or above, to change the plugin's settings. Additionally, no nonce check is performed resulting in a CSRF vulnerability.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-05T06:50:29.799Z
Updated: 2024-06-05T12:58:03.457Z
Reserved: 2024-04-23T16:54:43.164Z
Link: CVE-2024-4088
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-06-05T07:15:45.910
Modified: 2024-06-11T17:11:30.193
Link: CVE-2024-4088
JSON object: View
Redhat Information
No data.
CWE