PT-2023-17332 · WordPress · Getwid

Ram +1 · Published 2023-06-09 · Updated 2024-11-25 · CVE-2023-1910

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 1.8.3

Description

The issue allows unauthorized modification of data due to an insufficient capability check on the get remote templates function. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint, but it is not considered sensitive as it is publicly accessible from the developer's site.

Recommendations

For versions up to, and including, 1.8.3, update to a version higher than 1.8.3 to resolve the issue. As a temporary workaround, consider restricting access to the get remote templates function to prevent unauthorized modification of data.

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-1910

Affected Products

Getwid