Essential Blocks Plugin - Path Traversal (CVE-2023-6623)
7 exploiting IPs reported
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
CrowdSec analysis
The Essential Blocks WordPress plugin before version 4.4.3 is vulnerable to a path traversal flaw, tracked as CVE-2023-6623, that allows unauthenticated attackers to overwrite local variables during template rendering via the REST API. This can be exploited to perform Local File Inclusion attacks, potentially exposing sensitive files (such as wp-config.php) or enabling further compromise of the affected WordPress site.
CrowdSec has been tracking this vulnerability and its exploits since 8 May 2024.
Data from the CrowdSec community indicates that exploitation of CVE-2023-6623 is selective and intelligence-driven: threat actors perform reconnaissance and choose their targets carefully, often as part of broader campaigns or advanced persistent threat operations. At the same time, CrowdSec's week-over-week analysis shows exploitation surging, with attack volumes well above historical norms and widespread, escalating interest from threat actors. CVE-2023-6623 is currently highly visible and under active exploitation across the internet.
Attackers exploit the /wp-json/essential-blocks/v1/queries endpoint by supplying path traversal sequences in the file parameter to include arbitrary files from the server. This can lead to sensitive data disclosure or, where an attacker can place content in a file that the server will then include, to code execution.
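The following detector, added here as an example and not part of CrowdSec's own scenarios or the plugin's code, scans web server access logs for the exploitation pattern described above: a request reaching the essential-blocks/v1/queries REST route whose query parameters contain a directory traversal sequence. It generalises slightly beyond the text in two ways: it also recognises the route when reached through the WordPress rest_route query parameter (the non-pretty-permalink form of /wp-json/), and it inspects every query parameter rather than only one named file, after undoing nested percent-encoding. The log lines, IP addresses and parameter values are constructed for the example; the regexes and helper names are this example's own.

```python
"""Detect CVE-2023-6623 exploitation attempts in combined-format access logs.

Added example; the log format regex, sample lines and helper names are this
example's own assumptions, not CrowdSec's scenario or the plugin's code.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# REST route of the vulnerable endpoint (reachable as /wp-json<route> or
# via ?rest_route=<route> on sites without pretty permalinks).
REST_ROUTE = "/essential-blocks/v1/queries"

# A ".." path component bounded by "/" or "\" (or the start/end of the value).
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

# Apache/nginx "combined" log format; only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo nested percent-encoding (e.g. %252e%252e%252f) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def targets_endpoint(path: str, params: dict) -> bool:
    """True if the request reaches the vulnerable route, by path or by rest_route."""
    if path.rstrip("/").endswith("/wp-json" + REST_ROUTE):
        return True
    return any(decode_fully(v).rstrip("/").endswith(REST_ROUTE)
               for v in params.get("rest_route", []))


def is_exploit_attempt(request_target: str) -> bool:
    """True if the request targets the endpoint and any parameter carries traversal."""
    parts = urlsplit(request_target)
    path = decode_fully(parts.path)
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    if not targets_endpoint(path, params):
        return False
    for name, values in params.items():
        if name == "rest_route":
            continue
        if any(TRAVERSAL.search(decode_fully(v)) for v in values):
            return True
    return False


def scan(log_lines):
    """Return (client_ip, request_target) for every line that looks like an attempt."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_exploit_attempt(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits


# Constructed sample log: two attempts (plain and double-encoded via rest_route),
# one legitimate call to the endpoint, and traversal against an unrelated path.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/May/2024:10:15:02 +0000] "GET /wp-json/essential-blocks/v1/queries'
    '?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/May/2024:10:15:09 +0000] "GET /?rest_route=%2Fessential-blocks%2Fv1%2Fqueries'
    '&file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024 "-" "curl/8.4.0"',
    '192.0.2.10 - - [08/May/2024:10:16:30 +0000] "GET /wp-json/essential-blocks/v1/queries'
    '?file=post-grid HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [08/May/2024:10:17:01 +0000] "GET /blog/?s=..%2F..%2Fetc%2Fpasswd'
    ' HTTP/1.1" 404 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"{ip} {target}")
```

Only the query string is visible in a standard access log, so attempts that carry the traversal in a POST body are not caught by this scan; detecting those needs request-body logging or an inline WAF. Matching on the decoded value rather than the raw log text is what catches the double-encoded second sample line.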
Protection
Blocklist
Using its worldwide detection network, CrowdSec maintains a list of IPs observed exploiting this vulnerability.
To increase your protection against this CVE, block exploitation attempts using this list of identified actors.