CVE-2023-6635

7.2 HIGH

📋 TL;DR

The EditorsKit WordPress plugin has an arbitrary file upload vulnerability in versions up to 1.40.3. Authenticated attackers with administrator privileges can upload malicious files to the server, potentially leading to remote code execution. This affects WordPress sites using the vulnerable plugin version.

💻 Affected Systems

Products:
  • WordPress EditorsKit plugin (also called Block Options)
Versions: Up to and including 1.40.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have administrator-level WordPress access. Plugin may be installed as 'Block Options' in some distributions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, deface websites, or pivot to internal networks.

🟠 Likely Case

Website defacement, malware injection, data theft, or creation of persistent backdoors for future attacks.

🟢 If Mitigated

Limited impact if proper file upload validation and server hardening are in place, though the vulnerability still exists.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials but is straightforward once access is obtained. Public proof-of-concept exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.40.4 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3010794/block-options

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'EditorsKit' or 'Block Options'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.40.4+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin (platform: all)

Temporarily deactivate the EditorsKit plugin until patched:

wp plugin deactivate block-options   # 'block-options' is the plugin's WordPress.org slug (see the vendor advisory URL above); confirm the installed slug with: wp plugin list

Restrict administrator accounts (platform: all)

Implement strong authentication controls and limit the number of administrator accounts.

🧯 If You Can't Patch

  • Implement web application firewall rules to block file uploads to the vulnerable endpoint
  • Enable file integrity monitoring on WordPress upload directories and alert on unexpected file creations

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → EditorsKit → Version. If version is 1.40.3 or lower, you are vulnerable.

Check Version:

wp plugin get block-options --field=version   # 'block-options' is the plugin's WordPress.org slug; confirm the installed slug with: wp plugin list

Verify Fix Applied:

Verify plugin version is 1.40.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-json/gutenberghub-styles-manager/v1/import endpoint
  • PHP or executable files in WordPress upload directories with suspicious names

Network Indicators:

  • POST requests to /wp-json/gutenberghub-styles-manager/v1/import with file uploads

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-json/gutenberghub-styles-manager/v1/import" OR file_extension IN ("php", "exe", "sh", "py"))
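The log indicators above can be checked outside a SIEM as well. The following Python script is an added example (not part of this advisory or the plugin) that parses combined-format web server access logs, flags POSTs to the import endpoint and successful requests for executable files under the uploads directory, and then correlates the two by client IP, which is a stronger signal than the OR-ed SIEM query above. The log lines are constructed sample data; the endpoint path and extension list come from this page, the extra PHP extension variants are an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines (Apache/nginx combined format) used
# only to demonstrate the detection; they are not from a real incident.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Dec/2023:10:01:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Dec/2023:10:01:09 +0000] "POST /wp-json/gutenberghub-styles-manager/v1/import HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Dec/2023:10:01:15 +0000] "GET /wp-content/uploads/2023/12/notes.php HTTP/1.1" 200 13 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2023:10:02:00 +0000] "GET /wp-content/uploads/2023/12/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

IMPORT_ENDPOINT = "/wp-json/gutenberghub-styles-manager/v1/import"
UPLOADS_PREFIX = "/wp-content/uploads/"
# Extensions from the page plus common PHP variants (assumption: extend to taste).
EXECUTABLE_EXT = {"php", "phtml", "php5", "phar", "exe", "sh", "py"}


@dataclass(frozen=True)
class Finding:
    ip: str
    ts: str
    reason: str
    path: str


def parse_line(line: str):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text: str):
    """Flag import-endpoint POSTs and served executable files in the uploads tree."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore query string
        if rec["method"] == "POST" and path == IMPORT_ENDPOINT:
            findings.append(Finding(rec["ip"], rec["ts"], "import-endpoint-post", path))
        elif path.startswith(UPLOADS_PREFIX):
            ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
            # A 200 on an executable under uploads means the server served it.
            if ext in EXECUTABLE_EXT and rec["status"] == "200":
                findings.append(Finding(rec["ip"], rec["ts"], "executable-in-uploads", path))
    return findings


def correlate(findings):
    """IPs that both hit the import endpoint and fetched an executable from uploads."""
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f.ip, set()).add(f.reason)
    needed = {"import-endpoint-post", "executable-in-uploads"}
    return {ip for ip, reasons in by_ip.items() if needed <= reasons}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ts} {h.ip} {h.reason} {h.path}")
    print("correlated client IPs:", sorted(correlate(hits)))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; an IP in the correlated set is worth an immediate look at the uploads directory and at which administrator session issued the POST.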
