CVE-2023-2087 MEDIUM

CVE-2023-2087: Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save

Vendor Wpdevteam
Product Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
Weakness CWE-352 · CSRF
Published June 9, 2023
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Key dates

02Disclosure timeline

June 9, 2023 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2020-37145 HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) CVE-2024-51632 WordPress SH Slideshow plugin <= 4.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability CVE-2023-47685 WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-26543 WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability CVE-2023-26524 WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF)