VYPR

Vk Blocks

by Vektor Inc

Source repositories

CVEs (4)

  • CVE-2023-5706MedNov 22, 2023
    risk 0.35cvss 6.4epss 0.01

    The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2023-0584MedJun 3, 2023
    risk 0.28cvss 4.3epss 0.01

    The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version'…

  • CVE-2023-0583MedJun 3, 2023
    risk 0.21cvss 4.3epss 0.01

    The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings…

  • CVE-2023-27925May 23, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.