CVE-2023-0583 - Unspecified vulnerability in Vektor-Inc VK Blocks
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/browser/vk-blocks/trunk/inc/vk-blocks/App/RestAPI/BlockMeta/class-vk-blocks-entrypoint.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/12a94f5b-bc30-4a65-b397-54488c836ec3?source=cve