4 matches found
CVE-2023-0583
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updatevkblocksoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons...
CVE-2023-0583
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updatevkblocksoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons...
CVE-2023-0583 VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updatevkblocksoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons...
VK Blocks < 1.57.1.0 - Contributor+ Settings Update via REST API
The plugin uses improper authorization for the REST API vk-blocks/v1/updatevkblocksoptions, allowing users with a role as low as contributor to change plugin settings including default icons...