cleantalk
Vulnerabilities and Security Researches

Getwid – Gutenberg Blocks, CVE-2024-6489

CVE, Research URL

CVE-2024-6489

Home page URL

Security reports for Getwid – Gutenberg Blocks

Application

Getwid – Gutenberg Blocks

Published on
Jul 20, 2024
Research Description
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.
Affected versions
Min -, max 2.0.11.
Status
vulnerable
Previous vulnerability researches
WordPress Mega Menu Block (CVE-2025-48258) , May 21, 2025
Getwid – Gutenberg Blocks (CVE-2024-5020) , Dec 06, 2024
Getwid – Gutenberg Blocks (CVE-2024-10872) , Nov 21, 2024
Getwid – Gutenberg Blocks (46ab96992e56b41315f72ca10999a8d0155b4f49) , Jun 07, 2024
Getwid – Gutenberg Blocks (CVE-2023-1895) , Jun 07, 2024
New vulnerability
Import YouTube videos as WP Posts (CVE-2025-52802) , Jun 23, 2025
Download Attachments (CVE-2025-49995) , Jun 23, 2025
WP User Profile Avatar (CVE-2025-49980) , Jun 23, 2025
Mailing Group Listserv (CVE-2025-50036) , Jun 23, 2025
XML Travel Portal Widget (CVE-2025-49968) , Jun 23, 2025