PT-2024-15145 · WordPress · Getwid

Lucio Sá · Published 2024-02-05 · Updated 2024-11-25 · CVE-2023-6963

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.4

Description

The issue allows unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting the g-recaptcha-response from the data array. This enables potential abuse of the contact form without proper verification.

Recommendations

For versions up to, and including, 2.0.4, update to a version higher than 2.0.4 to resolve the issue. As a temporary workaround, consider implementing additional verification measures for the Contact Form block until a patch is available. Restrict access to the Contact Form block to minimize the risk of exploitation. Avoid using the Contact Form block until the issue is resolved.
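
The class of flaw described above, shown as an added example that is not Getwid's code: a CAPTCHA check that only runs when the token field is present, next to a fail-closed version that treats a missing token as a failure. The function names, the $verify stand-in for the server-side reCAPTCHA verification call, and all sample submissions are assumptions constructed for illustration.

```php
<?php
// Hypothetical form-handler logic, NOT the plugin's source. $verify stands in
// for the server-side call that validates a token with the CAPTCHA provider.

/** Fail-open pattern: verification only happens if the field was submitted. */
function captcha_ok_fail_open(array $data, callable $verify): bool
{
    if (isset($data['g-recaptcha-response'])) {
        return $verify($data['g-recaptcha-response']) === true;
    }
    return true; // field omitted: the check is silently skipped
}

/** Fail-closed pattern: missing, non-string or empty token is a failure. */
function captcha_ok_fail_closed(array $data, callable $verify): bool
{
    $token = $data['g-recaptcha-response'] ?? null;
    if (!is_string($token) || trim($token) === '') {
        return false; // reject before any other form processing
    }
    return $verify($token) === true;
}

// Constructed stand-in verifier: accepts exactly one sample token.
$verify = fn($token): bool => $token === 'constructed-valid-token';

// Constructed sample submissions (the "data array" of the contact form).
$cases = [
    'valid token'   => ['email' => 'a@example.test', 'g-recaptcha-response' => 'constructed-valid-token'],
    'wrong token'   => ['email' => 'a@example.test', 'g-recaptcha-response' => 'bogus'],
    'empty token'   => ['email' => 'a@example.test', 'g-recaptcha-response' => ''],
    'array token'   => ['email' => 'a@example.test', 'g-recaptcha-response' => ['x']],
    'field omitted' => ['email' => 'a@example.test'],
];

foreach ($cases as $label => $data) {
    printf(
        "%-14s fail-open=%-5s fail-closed=%s\n",
        $label,
        var_export(captcha_ok_fail_open($data, $verify), true),
        var_export(captcha_ok_fail_closed($data, $verify), true)
    );
}
```

Only the "field omitted" row differs between the two functions, which is why a regression test for this kind of handler should include a submission with the token key absent, not just an invalid token.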

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2023-6963

Affected Products

Getwid