CVE-2023-2084

Name of the Vulnerable Software and Affected Versions The Essential Blocks plugin for WordPress versions up to, and including, 4.0.6

Description The issue allows unauthorized use of functionality due to a missing capability check on the get function. This enables subscriber-level attackers to obtain plugin settings. Although a nonce check is present, it is only executed when a nonce is provided, and not providing a nonce results in the nonce verification being skipped.

Recommendations For versions up to, and including, 4.0.6, update to a version that includes a capability check on the get function to prevent unauthorized access. As a temporary workaround, consider implementing additional access controls to restrict subscriber-level access to plugin settings until a patch is available.