CVE-2023-2085
Published 2023-06-09
Priority: P4 (20) | medium | 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.61% (44.6th percentile)
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. A nonce check is present, but it is only executed when a nonce is provided; when no nonce is provided, nonce verification is skipped. There is no capability check.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpdeveloper | essential_blocks | <= 4.0.6 | — |
| wpdevteam | gutenberg_essential_blocks_page_builder_for_gutenberg_blocks_patterns | <= 4.0.6 | — |
VulDB
Essential Blocks Plugin up to 4.0.6 on WordPress authorization
vuldb·2026-04-10·CVSS 4.3
CVE-2023-2085 [MEDIUM] Essential Blocks Plugin up to 4.0.6 on WordPress authorization
A vulnerability was found in Essential Blocks Plugin up to 4.0.6 on WordPress. It has been rated as critical. This affects an unknown function. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2023-2085. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-9xq7-j3qc-54qf: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates functi
ghsa_unreviewed·2023-06-09
CVE-2023-2085 [MEDIUM] CWE-862 GHSA-9xq7-j3qc-54qf: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates functi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f?source=cve