3 matches found
WordPress VK Blocks Plugin <= 1.57.1.2 is vulnerable to Broken Access Control
Software VK Blocks Type Plugin Vulnerable versions = 1.57.1.2 Fixed in 1.58.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0584 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3eea6caee3d8 Credits Ramuel Gall Required privilege...
CVE-2023-0584 VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...
CVE-2023-0584
The CVE-2023-0584 entry concerns the WordPress VK Blocks plugin. Affected versions: up to 1.57.0.5. Issue: improper authorization via the REST update_options function, allowing authenticated attackers with contributor-level permissions or higher to set vk_font_awesome_version to any value. Impact...