CVE-2023-6623

Name of the Vulnerable Software and Affected Versions The Essential Blocks WordPress plugin versions prior to 4.4.3

Description The issue allows unauthenticated attackers to overwrite local variables when rendering templates over the REST API, potentially leading to Local File Inclusion attacks. Approximately 20,704 devices are affected, mainly in the United States and Germany.

Recommendations For versions prior to 4.4.3, update to version 4.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API until the update is applied.