CVE-2023-2083
Published 2023-06-09
CVE-2023-2083: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions…
Priority P421 | medium | 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.57% (42.7th percentile)
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. If no nonce is provided, the nonce verification is skipped. There is no capability check.
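The two flaws described above (a nonce check that runs only when a nonce is supplied, and no capability check) are shown here next to a hardened handler. This is an added illustration, not the plugin's code: the action names, nonce action, option name and the choice of `manage_options` as the required capability are assumptions, and the snippet is meant to be loaded inside WordPress.

```php
<?php
// Added illustration with hypothetical names; not taken from Essential Blocks.

// Vulnerable pattern: the nonce is verified only if the request carries one,
// and the caller's capability is never checked.
add_action( 'wp_ajax_example_save_vulnerable', function () {
    if ( isset( $_POST['nonce'] ) ) {
        if ( ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), 'example_settings_nonce' ) ) {
            wp_send_json_error( 'Invalid nonce', 403 );
        }
    }
    // Reached by any logged-in user, subscribers included, when 'nonce' is omitted.
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'example_plugin_settings', $value );
    wp_send_json_success();
} );

// Hardened pattern: the nonce is mandatory and the capability is enforced.
add_action( 'wp_ajax_example_save_hardened', function () {
    // With $stop = false, check_ajax_referer() returns false for a missing
    // nonce as well as an invalid one, so omitting the field no longer helps.
    if ( ! check_ajax_referer( 'example_settings_nonce', 'nonce', false ) ) {
        wp_send_json_error( 'Invalid or missing nonce', 403 );
    }
    // Authorization: a nonce proves intent, not privilege.
    // 'manage_options' is an assumed capability for a settings page.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'example_plugin_settings', $value );
    wp_send_json_success();
} );
```

When reviewing other `wp_ajax_` handlers for the same pattern, look for nonce verification nested inside an `isset()` or `!empty()` test and for state-changing handlers that never call `current_user_can()`.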
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpdeveloper | essential_blocks | <= 4.0.6 | — |
| wpdevteam | gutenberg_essential_blocks_page_builder_for_gutenberg_blocks_patterns | <= 4.0.6 | — |
VulDB
Essential Blocks Plugin up to 4.0.6 on WordPress Save authorization
vuldb·2026-04-10·CVSS 4.3
CVE-2023-2083 [MEDIUM] Essential Blocks Plugin up to 4.0.6 on WordPress Save authorization
A vulnerability categorized as critical has been discovered in Essential Blocks Plugin up to 4.0.6 on WordPress. This impacts an unknown function of the component Save Handler. The manipulation results in missing authorization.
This vulnerability is known as CVE-2023-2083. It is possible to launch the attack remotely. No exploit is available.
GHSA
GHSA-qhh4-5cqj-p582: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in
ghsa_unreviewed·2023-06-09
CVE-2023-2083 [MEDIUM] CWE-862 GHSA-qhh4-5cqj-p582: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=cve
2023-06-09
Published