cleantalk
Vulnerabilities and Security Researches

Getwid – Gutenberg Blocks, CVE-2023-1895

CVE, Research URL

CVE-2023-1895

Home page URL

Security reports for Getwid – Gutenberg Blocks

Application

Getwid – Gutenberg Blocks

Published on
Jun 09, 2023
Research Description
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
Min -, max 1.8.4.
Status
vulnerable
Previous vulnerability researches
WordPress Mega Menu Block (CVE-2025-48258) , May 21, 2025
Getwid – Gutenberg Blocks (CVE-2024-5020) , Dec 06, 2024
Getwid – Gutenberg Blocks (CVE-2024-10872) , Nov 21, 2024
Getwid – Gutenberg Blocks (46ab96992e56b41315f72ca10999a8d0155b4f49) , Jun 07, 2024
Getwid – Gutenberg Blocks (CVE-2023-1895) , Jun 07, 2024
New vulnerability
WPThumb (CVE-2025-49983) , Jun 23, 2025
TinyNav (CVE-2025-52781) , Jun 23, 2025
WP Register Profile With Shortcode (CVE-2025-50042) , Jun 22, 2025
WP Customer Area (CVE-2025-49982) , Jun 22, 2025
Polls CP (CVE-2025-50025) , Jun 22, 2025