4 matches found
WordPress VK Blocks Plugin <= 1.57.0.5 is vulnerable to Broken Access Control
Software VK Blocks Type Plugin Vulnerable versions = 1.57.0.5 Fixed in 1.57.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0583 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 16379aba277f Credits Ramuel Gall Required privilege...
CVE-2023-0583
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updatevkblocksoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons...
CVE-2023-0583
The CVE-2023-0583 entry concerns the VK Blocks plugin for WordPress. Affected component: REST endpoint for updating settings (update_vk_blocks_options). Root cause: improper authorization enabling attackers with contributor-level permissions or higher to change plugin settings, including default ...
CVE-2023-0583 VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updatevkblocksoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons...