CVE-2021-24546

Summary

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code

Affected Software

VendorProductVersion RangeStatus
UnknownGutenberg Block Editor Toolkit – EditorsKit1.31.6 < 1.31.6affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References