cleantalk
Vulnerabilities and Security Researches

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates, CVE-2023-2083

CVE, Research URL

CVE-2023-2083

Home page URL

Security reports for Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Application

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Published on
Jun 09, 2023
Research Description
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
Affected versions
Min -, max 4.0.7.
Status
vulnerable
Previous vulnerability researches
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2023-51359) , Jun 10, 2024
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2025-1664) , Mar 09, 2025
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (0363ff3384ec03990bbda4e574d619ea16717f53) , Jun 06, 2024
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2023-2084) , Jun 06, 2024
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2023-2083) , Jun 06, 2024
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025