The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
History

Fri, 16 May 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Godaddy
Godaddy coblocks
Weaknesses CWE-918
CPEs cpe:2.3:a:godaddy:coblocks:*:*:*:*:*:wordpress:*:*
Vendors & Products Godaddy
Godaddy coblocks

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-07-23T06:00:02.295Z

Updated: 2024-08-01T20:33:52.992Z

Reserved: 2024-04-26T14:47:07.157Z

Link: CVE-2024-4260

cve-icon Vulnrichment

Updated: 2024-08-01T20:33:52.992Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-23T06:15:09.907

Modified: 2025-05-16T12:44:21.013

Link: CVE-2024-4260

cve-icon Redhat

No data.