Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Spectra – WordPress Gutenberg Blocks 2.6.6

  • Severity: high-risk
  • Status: Fixed
  • Publication: July 14, 2023

The Spectra plugin for WordPress is vulnerable to a type of cyber attack known as Server-Side Request Forgery. This type of attack is possible in versions of the plugin up to and including 2.6.6. It can be done using something called the import_wpforms function. Attackers who have been granted access to the website with permissions that are at least as high as a contributor can make web requests to external locations. This can be used to get and change information from services that are inside the web application.

Detected in:

Spectra – WordPress Gutenberg Blocks fixed vulnerable versions: >= * <= 2.6.6
Spectra Gutenberg Blocks – Website Builder for the Block Editor fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.