Primary

Context

Getwid Gutenberg Blocks Missing Authorization Vulnerability in WordPress

Vulnerability

A vulnerability exists in the Getwid – Gutenberg Blocks plugin for WordPress, affecting all versions through 2.0.3. The issue arises from a lack of proper capability checks in the recaptcha_api_key_manage function, allowing authenticated attackers with subscriber-level access or higher to unauthorizedly add, modify, or delete 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.

Impact

Exploitation of this vulnerability allows for unauthorized modification of reCAPTCHA API key settings, potentially leading to improper validation of user interactions or automated bot management.

Remediation

Users are advised to update the Getwid – Gutenberg Blocks plugin to version 2.0.5 or later.

Added: May 15, 2026, 9:47 AM

Updated: May 15, 2026, 9:47 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Getwid Gutenberg Blocks Missing Authorization Vulnerability in WordPress

Vulnerability

Impact

Remediation

Affected Products

Getwid

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating