CVE-2023-6963

MEDIUM

Getwid - Gutenberg Blocks <= 2.0.4 - Unauthenticated CAPTCHA Bypass via Omitted g-recaptcha-response

Title source: llm

Description

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to a CAPTCHA bypass in versions up to and including 2.0.4. This makes it possible for unauthenticated attackers to bypass the CAPTCHA verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

Scores

CVSS v3 5.3
EPSS 0.0053
EPSS Percentile 40.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-804 CWE-863
Status published
Products (2)
jetmonsters/Getwid – Gutenberg Blocks < 2.0.4
motopress/getwid < 2.0.5
Published Feb 05, 2024
Tracked Since Feb 18, 2026