CVE-2023-2086
published 2023-06-09
CVE-2023-2086: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function…
Priority: P4 | 20 | medium | 4.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.57% (43.0th percentile)
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided; omitting the nonce causes the nonce verification to be skipped. There is no capability check.
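The two flaws described above, shown side by side with a corrected handler. This is an added illustration, not the Essential Blocks source: the handler names, the nonce action `example_action` and the `edit_posts` capability are assumptions, and the two WordPress functions are replaced by constructed stand-ins so the file runs under php-cli.

```php
<?php
// Added illustration, NOT the plugin's code. Handler names, the nonce action
// 'example_action' and the 'edit_posts' capability are assumptions.

// Constructed stand-ins so the file runs without WordPress loaded.
if (!function_exists('wp_verify_nonce')) {
    function wp_verify_nonce($nonce, $action) {
        // The real function returns 1 or 2 for a valid nonce, false otherwise.
        return $nonce === 'valid-nonce' ? 1 : false;
    }
    function current_user_can($capability) {
        return in_array($capability, $GLOBALS['example_caps'], true);
    }
}

// Flawed pattern: the nonce is verified only when one is supplied,
// and no capability is required afterwards.
function template_count_flawed(array $request) {
    if (isset($request['nonce']) && !wp_verify_nonce($request['nonce'], 'example_action')) {
        return 403;
    }
    return 200; // template information would be returned here
}

// Hardened pattern: a missing nonce is a failure, and the caller must
// hold a capability that subscribers do not have.
function template_count_hardened(array $request) {
    if (empty($request['nonce']) || !wp_verify_nonce($request['nonce'], 'example_action')) {
        return 403;
    }
    if (!current_user_can('edit_posts')) {
        return 403;
    }
    return 200;
}

// Constructed requests from a subscriber, whose role carries only 'read'.
$GLOBALS['example_caps'] = ['read'];
$requests = [
    'no nonce'    => [],
    'bad nonce'   => ['nonce' => 'garbage'],
    'valid nonce' => ['nonce' => 'valid-nonce'],
];
foreach ($requests as $label => $request) {
    printf("%-12s flawed=%d hardened=%d\n", $label,
        template_count_flawed($request), template_count_hardened($request));
}
```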
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpdeveloper | essential_blocks | <= 4.0.6 | — |
| wpdevteam | gutenberg_essential_blocks_page_builder_for_gutenberg_blocks_patterns | <= 4.0.6 | — |
VulDB
Essential Blocks Plugin up to 4.0.6 on WordPress template_count authorization
vuldb·2026-04-10·CVSS 4.3
CVE-2023-2086 [MEDIUM] Essential Blocks Plugin up to 4.0.6 on WordPress template_count authorization
A vulnerability was found in Essential Blocks Plugin up to 4.0.6 on WordPress. It has been declared as critical. The impacted element is the function template_count. Executing a manipulation can lead to missing authorization.
This vulnerability appears as CVE-2023-2086. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-xwcf-mprh-wpvw: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count f
ghsa_unreviewed·2023-06-09
CVE-2023-2086 [MEDIUM] CWE-862 GHSA-xwcf-mprh-wpvw: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count f
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/9efc782a-ec61-4741-81fd-a263a2739e16?source=cve
2023-06-09
Published