Security Advisory

CVE-2024-3107

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-02 16:51:46

Last updated 2026-04-08 16:36:11

Assigner Wordfence

State PUBLISHED

Description

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information.

← Browse all CVEs View on cve.org ↗