First published: Mon Oct 11 2021
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Extendify Editorskit | <1.31.6 |
The vulnerability ID for this Gutenberg Block Editor Toolkit vulnerability is CVE-2021-24546.
The severity of CVE-2021-24546 is high with a severity value of 8.8.
The Gutenberg Block Editor Toolkit before version 1.31.6 is affected by CVE-2021-24546.
CVE-2021-24546 describes a vulnerability in the Gutenberg Block Editor Toolkit WordPress plugin that allows users with a role as low as contributor to execute arbitrary PHP code.
To fix the CVE-2021-24546 vulnerability, update the Gutenberg Block Editor Toolkit WordPress plugin to version 1.31.6 or later.
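To confirm which installed copies still predate the fix, the following added example (not code from the advisory or the plugin) reads the standard WordPress plugin header from each plugin's PHP files and compares the version numerically against 1.31.6. It assumes the plugin can be recognised by "editorskit" in its `Plugin Name` header and that plugins live under `wp-content/plugins`; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 31, 6)  # first fixed release named in the advisory

# WordPress reads "Plugin Name:" / "Version:" from the comment header of the
# plugin's main file (first 8 KiB only).
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

# Constructed sample header, not copied from the real plugin file.
SAMPLE = "<?php\n/**\n * Plugin Name: Gutenberg Block Editor Toolkit - EditorsKit\n * Version: 1.31.5\n */\n"

def parse_header(php_source):
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version):
    # Compare numerically: as strings, "1.31.10" would sort before "1.31.6".
    nums = [int(m.group()) for m in (re.match(r"\d+", p) for p in version.split(".")) if m]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version):
    return version_tuple(version) < FIXED

def audit(plugins_dir):
    """Return (file, version, affected) for every EditorsKit copy found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = parse_header(php.read_text(errors="replace"))
        name, version = header.get("plugin name", ""), header.get("version")
        # Assumption: the plugin is recognised by "editorskit" in its Plugin Name.
        if version and "editorskit" in name.lower():
            findings.append((str(php), version, is_affected(version)))
    return findings

if __name__ == "__main__":
    for path, version, affected in audit(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"):
        print(f"{path}: {version} {'AFFECTED, update to 1.31.6 or later' if affected else 'ok'}")
```

A pre-release suffix such as `1.31.6-beta` is treated as 1.31.6, so verify such builds by hand.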