CVE-2023-6623
📋 TL;DR
This vulnerability in the Essential Blocks WordPress plugin allows unauthenticated attackers to overwrite local variables when rendering templates via REST API, potentially leading to Local File Inclusion (LFI) attacks. Attackers could read sensitive files from the server. All WordPress sites using Essential Blocks versions before 4.4.3 are affected.
💻 Affected Systems
- Essential Blocks for WordPress
📦 What is this software?
Essential Blocks by WPDeveloper: a Gutenberg block library for WordPress that renders block templates server-side, including through its own REST API routes.
⚠️ Risk & Real-World Impact
Worst Case
Disclosure of any file readable by the PHP process (wp-config.php with database credentials and authentication salts, backups, other sites' configuration on shared hosts), escalating to remote code execution if the attacker can get PHP code into a file the include can reach (an uploaded file, a poisoned log or session file), and from there to full site and possibly server compromise.
Likely Case
Unauthenticated attackers reading sensitive server files like wp-config.php containing database credentials, potentially leading to database compromise.
If Mitigated
Impact is limited only if the vulnerable endpoint is unreachable (plugin deactivated or its REST namespace blocked). Filesystem permissions do not help: the include runs as the PHP/web-server user, which must be able to read wp-config.php, so anything an unauthenticated request can reach is already readable to the attacker.
🎯 Exploit Status
WPScan has published technical details and proof-of-concept. The vulnerability requires no authentication and has simple exploitation steps.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.4.3
Vendor Advisory: https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Essential Blocks.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 4.4.3 or later from the WordPress.org plugin repository and update manually.
🔧 Temporary Workarounds
Block the plugin's REST namespace
Temporarily block the vulnerable REST routes until patching. Essential Blocks documents no configuration constant for turning off its REST API (the `define('EB_REST_API_DISABLED', true);` snippet sometimes quoted for this is not verified against the plugin's source, so do not rely on it). Instead, deny at the web server or WAF any request whose path starts with `/wp-json/essential-blocks/` or whose query string carries `rest_route=/essential-blocks/` (the fallback form used when pretty permalinks are off). Blocks built with Essential Blocks may stop rendering dynamic content while the rule is in place.
Disable plugin
Temporarily disable the Essential Blocks plugin
Navigate to WordPress admin → Plugins → Installed Plugins → Deactivate Essential Blocks
🧯 If You Can't Patch
- Deploy web application firewall (WAF) rules that URL-decode the request (including double encoding such as `%252e%252e%252f`) before matching traversal (`../`, `..\`), absolute paths and PHP stream wrappers (`php://`, `data:`) in requests to the Essential Blocks REST namespace.
- Do not rely on filesystem permissions: the include executes as the web-server user, which must be able to read wp-config.php. Instead, assume the database credentials and salts in wp-config.php may already be exposed, rotate them once the site is patched, and restrict the database user to the WordPress database only.
- Keep `allow_url_include` off in php.ini so the inclusion cannot be pointed at a remote URL, and make sure uploads directories do not execute PHP, which removes the easiest LFI-to-RCE path.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Essential Blocks version number
Check Version:
wp plugin list --name=essential-blocks --field=version
Verify Fix Applied:
Verify Essential Blocks version is 4.4.3 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Requests to the Essential Blocks REST routes from scripted user agents, or from hosts that never loaded the site's front end
- PHP warnings or fatal errors in the PHP error log for `include`/`require` of paths outside the plugin directory (failed includes surface there, not as HTTP 404s)
- REST responses carrying file contents (for example `DB_PASSWORD` or `AUTH_KEY` strings) where a rendered block was expected
Network Indicators:
- HTTP requests containing path traversal sequences (`../`, `..\`, or their single- and double-URL-encoded forms) or absolute paths such as `wp-config.php` or `/etc/passwd`
- Requests to `/wp-json/essential-blocks/` routes, or to `?rest_route=/essential-blocks/`, with parameters naming template or file paths
SIEM Query:
source="web_server" AND (uri="*wp-json/essential-blocks/*" OR uri="*rest_route=/essential-blocks/*") AND (uri="*../*" OR uri="*..%2f*" OR uri="*..%252f*" OR uri="*wp-config.php*")
(Field names are placeholders; map `uri` to the URL-decoded request line in your SIEM's schema, and review matching requests that returned HTTP 200 first, since those are the ones that may have succeeded.)
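The indicators above, turned into a small log scanner. This is an added example, not code from the WPScan advisory or from the Essential Blocks plugin. It assumes Apache/nginx "combined" access-log format and that the plugin's routes live under the `essential-blocks` REST namespace, served either as `/wp-json/essential-blocks/...` or via `?rest_route=/essential-blocks/...`. The page does not name the vulnerable route or parameter, so the route `v1/render` and the parameter `template` in the sample lines are placeholders, and the detector matches traversal and sensitive-path payloads anywhere in the request rather than in one parameter. The log lines are constructed, not real traffic.

```python
"""Scan web-server access logs for CVE-2023-6623 style probes.

Added example, not part of the advisory or the plugin. Assumes
Apache/nginx combined log format; route and parameter names in the
sample data are placeholders.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log lines (not real traffic). /v1/render and
# ?template= are placeholders for the plugin's actual route/parameter.
SAMPLE_LOG = """\
203.0.113.10 - - [02/Jan/2024:10:00:01 +0000] "GET /wp-json/essential-blocks/v1/render?template=../../../../wp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.10 - - [02/Jan/2024:10:00:02 +0000] "GET /wp-json/essential-blocks/v1/render?template=..%252f..%252fwp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [02/Jan/2024:10:00:03 +0000] "GET /wp-json/essential-blocks/v1/render?template=hero HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jan/2024:10:00:04 +0000] "GET /wp-json/wp/v2/posts?search=../ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.11 - - [02/Jan/2024:10:00:05 +0000] "GET /index.php?rest_route=/essential-blocks/v1/render&template=../../wp-config.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.11 - - [02/Jan/2024:10:00:06 +0000] "POST /wp-json/essential-blocks/v1/render HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
NAMESPACE = "/essential-blocks/"
TRAVERSAL = re.compile(r"\.\.[/\\]")            # ../ or ..\ after decoding
SENSITIVE = re.compile(r"wp-config\.php|/etc/passwd|php://|file://|data:", re.I)


def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded '..%252f' is caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def rest_path(target: str) -> str:
    """Return the REST route, whether served under /wp-json/ or via ?rest_route=."""
    parts = urlsplit(target)
    path = fully_decode(parts.path)
    if path.startswith("/wp-json/"):
        return path[len("/wp-json"):]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "rest_route":
            return fully_decode(value)
    return ""


def analyze_line(line: str):
    """Return a finding dict for a suspicious request, or None."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if not rest_path(target).startswith(NAMESPACE):
        return None  # not the plugin's namespace: out of scope for this CVE
    decoded = fully_decode(target)
    reasons = []
    if TRAVERSAL.search(decoded):
        reasons.append("path traversal")
    if SENSITIVE.search(decoded):
        reasons.append("sensitive path or wrapper")
    if not reasons:
        # Note: POST bodies are not in access logs, so a bare POST to the
        # namespace is invisible here; pair this with PHP error logs.
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "target": target,
        "reasons": reasons,
    }


def scan(log_text: str) -> list:
    """Scan a whole log; HTTP 200 hits are the ones that may have succeeded."""
    return [f for f in (analyze_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ip"], finding["status"], ", ".join(finding["reasons"]),
              finding["target"])
```

Run it against a real log with `scan(open("access.log").read())`; the requests to other REST namespaces and the legitimate template name are ignored, while the plain, double-encoded and `rest_route` forms of the traversal payload are all reported. A 200 response on one of these hits against a version below 4.4.3 should be treated as a successful read of wp-config.php.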
🔗 References
- https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
- https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f