The VK Blocks plugin for WordPress is vulnerable to...
Moderate severity
Unreviewed
Published
Jun 3, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jun 3, 2023
Published to the GitHub Advisory Database
Jun 3, 2023
Last updated
Apr 4, 2024
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value.
References