CVE-2024-3107 - Vulnerability Details - OpenCVE

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Brainstormforce	Spectra

Configuration 1 [-]

cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189
https://plugins.trac.wordpress.org/changeset/3062684/
https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve

History

Wed, 08 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 08 Apr 2026 17:00:00 +0000

Type	Values Removed	Values Added
Title		Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal

Thu, 06 Feb 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Brainstormforce Brainstormforce spectra
Weaknesses		CWE-22
CPEs		cpe:2.3:a:brainstormforce:spectra::::::wordpress::*
Vendors & Products		Brainstormforce Brainstormforce spectra

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-05-02T16:51:46.405Z

Updated: 2026-04-08T16:36:11.273Z

Reserved: 2024-03-29T20:03:20.976Z

Link: CVE-2024-3107

Vulnrichment

Updated: 2024-08-01T19:32:42.699Z

NVD

Status : Modified

Published: 2024-05-02T17:15:22.673

Modified: 2026-04-08T17:18:41.520

Link: CVE-2024-3107

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-3107", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-03-29T20:03:20.976Z", "datePublished": "2024-05-02T16:51:46.405Z", "dateUpdated": "2026-04-08T16:36:11.273Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:11.273Z"}, "affected": [{"vendor": "brainstormforce", "product": "Spectra Gutenberg Blocks \u2013 Website Builder for the Block Editor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.12.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information."}], "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ng\u00f4 Thi\u00ean An"}], "timeline": [{"time": "2024-04-26T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-06T17:41:30.989424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:39.671Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.699Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.699Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-06T17:41:30.989424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-06T17:41:28.999Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal", "credits": [{"lang": "en", "type": "finder", "value": "Ng\u00f4 Thi\u00ean An"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "brainstormforce", "product": "Spectra Gutenberg Blocks \u2013 Website Builder for the Block Editor", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.12.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-26T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/"}], "descriptions": [{"lang": "en", "value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:11.273Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3107", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:36:11.273Z", "dateReserved": "2024-03-29T20:03:20.976Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-02T16:51:46.405Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "96368125-DFCD-4E53-B5FD-8D0A510E9BDB", "versionEndExcluding": "2.12.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Spectra \u2013 WordPress Gutenberg Blocks para WordPress es vulnerable a Path Traversal en versiones hasta la 2.12.6 incluida a trav\u00e9s de la funci\u00f3n get_block_default_attributes. Esto permite a atacantes autenticados, con permisos de nivel de colaborador y superiores, leer el contenido de cualquier archivo llamado atributos.php en el servidor, que puede contener informaci\u00f3n confidencial."}], "id": "CVE-2024-3107", "lastModified": "2026-04-08T17:18:41.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-02T17:15:22.673", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3062684/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3062684/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}