EUVD-2023-12624

Malicious code in bioql PyPI...

CVE-2024-13635 VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure

The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the conten...

CVE-2024-13635

The CVE-2024-13635 entry concerns VK Blocks for WordPress. Affected: VK Blocks plugin versions up to and including 1.94.2.2. Vulnerability type: Sensitive Information Exposure via the page content block. Impact: authenticated attackers with Contributor-level access and above can read sensitive da...

CVE-2024-13635 VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure

The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the conten...

WordPress plugin VK Blocks 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An Access Contro...

Cross site scripting

The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-5706

The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress VK Blocks Plugin <= 1.57.0.5 is vulnerable to Broken Access Control

Software VK Blocks Type Plugin Vulnerable versions = 1.57.0.5 Fixed in 1.57.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0583 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 16379aba277f Credits Ramuel Gall Required privilege...

CVE-2023-0584

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...

CVE-2023-0584 VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...

WordPress plugin VK Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...