VYPR

Vk Blocks

by WordPress

Source repositories

CVEs (4)

  • CVE-2023-5706MedNov 22, 2023
    risk 0.35cvss 6.4epss 0.01

    The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2024-13635MedMar 7, 2025
    risk 0.21cvss 4.3epss 0.00

    The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data…

  • CVE-2023-0583MedJun 3, 2023
    risk 0.21cvss 4.3epss 0.01

    The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings…

  • CVE-2023-27923May 23, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.