PT-2024-15142 · WordPress · Getwid

Lucio Sá · Published 2024-02-05 · Updated 2024-11-25 · CVE-2023-6959

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Getwid – Gutenberg Blocks plugin for WordPress versions prior to 2.0.4

Description

The issue allows unauthorized modification of data due to a missing capability check on the recaptcha api key manage function. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.

Recommendations

For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the recaptcha api key manage function to prevent unauthorized modifications.
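
The pattern that closes this class of flaw, shown as an added example that is not Getwid's code: a settings handler that checks the caller's capability before touching the stored keys. It assumes the function is reachable as an admin-ajax action (the advisory does not say how it is exposed); the action, nonce, parameter and option names are hypothetical.

```php
<?php
// Added example with hypothetical names; not taken from the Getwid plugin.

// A wp_ajax_{action} hook fires for ANY logged-in user, subscribers included,
// so registering the hook is not an access control by itself.
add_action( 'wp_ajax_example_recaptcha_keys', 'example_manage_recaptcha_keys' );

function example_manage_recaptcha_keys() {
    // Authorization: only users allowed to change site settings may proceed.
    // Leaving this check out is the weakness the description refers to.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 ); // sends JSON and terminates
    }

    // CSRF protection. A nonce proves the request came from a page the user
    // loaded; it does not prove privilege, so it cannot replace the check above.
    check_ajax_referer( 'example_recaptcha_keys_nonce', 'nonce' );

    $op = isset( $_POST['op'] )
        ? sanitize_key( wp_unslash( $_POST['op'] ) ) : '';
    $site_key = isset( $_POST['site_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['site_key'] ) ) : '';
    $secret_key = isset( $_POST['secret_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['secret_key'] ) ) : '';

    if ( 'delete' === $op ) {
        delete_option( 'example_recaptcha_site_key' );
        delete_option( 'example_recaptcha_secret_key' );
        wp_send_json_success();
    }

    // Anything other than a complete "set" request is rejected.
    if ( 'set' !== $op || '' === $site_key || '' === $secret_key ) {
        wp_send_json_error( 'Bad request', 400 );
    }

    update_option( 'example_recaptcha_site_key', $site_key );
    update_option( 'example_recaptcha_secret_key', $secret_key );
    wp_send_json_success();
}
```

When reviewing other handlers for the same weakness, note that `is_admin()` returns true for every admin-ajax.php request and therefore says nothing about the caller's role.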

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2023-6959

Affected Products: Getwid