CVE-2024-4088

Name of the Vulnerable Software and Affected Versions Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress versions up to, and including, 1.9.2

Description The issue allows authenticated attackers with subscriber access or above to modify the plugin's settings due to a missing capability check on the disable fe assets function. Additionally, the lack of a nonce check results in a CSRF vulnerability, enabling attackers to change the plugin's settings without proper validation.

Recommendations For versions up to, and including, 1.9.2, update to a version that includes a fix for the missing capability check on the disable fe assets function and implements a nonce check to prevent CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.