cleantalk
Vulnerabilities and Security Researches

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE, CVE-2023-2288

CVE, Research URL

CVE-2023-2288

Home page URL

Security reports for Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Application

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Published on
May 30, 2023
Research Description
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.
Affected versions
Min -, max 2.2.6.
Status
vulnerable
Previous vulnerability researches
Otter Blocks &#8211; Gutenberg Blocks, Page Builder for Gutenberg Editor &amp; FSE (CVE-2024-3343) , Jun 07, 2024
Otter Blocks &#8211; Gutenberg Blocks, Page Builder for Gutenberg Editor &amp; FSE (CVE-2024-2729) , Jun 07, 2024
Otter Blocks &#8211; Gutenberg Blocks, Page Builder for Gutenberg Editor &amp; FSE (CVE-2024-3725) , Jun 07, 2024
Otter Blocks &#8211; Gutenberg Blocks, Page Builder for Gutenberg Editor &amp; FSE (CVE-2023-2288) , Jun 07, 2024
Otter Blocks &#8211; Gutenberg Blocks, Page Builder for Gutenberg Editor &amp; FSE (CVE-2024-2226) , Jun 07, 2024
New vulnerability
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025
Testimonial (CVE-2025-49410) , Aug 23, 2025
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2025-8607) , Aug 23, 2025