CVE-2023-0584

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0584

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0584.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0584

Published

2023-06-03T02:15:09.120Z

Modified

2026-04-10T04:54:23.597287Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrary value.

References

Affected packages

Git / github.com/vektor-inc/vk-blocks

Affected ranges

Type

GIT

Repo

https://github.com/vektor-inc/vk-blocks

Events

Introduced

Last affected

9dee8ca4956dd40419e75c16e7864f1b2a1091c3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.57.0.5"
        }
    ]
}

Affected versions

0.*

0.17.2

0.17.3

0.17.4

0.17.6

0.22.0

0.22.4

0.26.2

0.26.3

0.26.4

0.26.5

0.31.0

0.35.1

0.35.2

0.35.3

0.35.4

0.35.5

0.37.0

0.37.2

0.37.3

0.37.4

0.37.5

0.38.1

0.38.2

0.38.5

0.38.6

0.38.7

0.38.8

0.39.4

0.41.0

0.42.0

0.5.1

0.6.0

1.*

1.0.0

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.7

1.0.9

1.10.0

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.12.0

1.13.0

1.13.1

1.13.2

1.14.0

1.14.1

1.15.0

1.15.1

1.16.0

1.16.1

1.16.10

1.16.11

1.16.2

1.16.3

1.16.4

1.16.5

1.16.6

1.16.7

1.16.8

1.16.9

1.17.0

1.18.0

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

1.18.6

1.19.0

1.19.1

1.2.0

1.2.1

1.2.2

1.2.3

1.20.3

1.20.4

1.20.5

1.20.6

1.20.7

1.21.0

1.22.0

1.22.1

1.22.2

1.22.3

1.22.4

1.23.0

1.24.1

1.24.2

1.24.3

1.24.4

1.24.5

1.25.0

1.25.1

1.26.0

1.26.1

1.26.2

1.27.0

1.27.1

1.27.3

1.27.4

1.27.5

1.27.6.0

1.27.6.1

1.27.7.0

1.27.7.1

1.27.7.2

1.28.0.0

1.28.0.1

1.29.0.0

1.29.0.1

1.29.1.0

1.29.2.0

1.3.1

1.3.2

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.30.0.0

1.30.0.1

1.31.0.0

1.31.0.1

1.32.0.1

1.32.0.2

1.33.2.0

1.33.2.1

1.36.0.0

1.36.0.1

1.36.1.4

1.36.1.5

1.37.0.0

1.39.1.0

1.39.1.1

1.39.1.2

1.39.2.0

1.39.2.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.40.0.0

1.40.0.1

1.40.1.0

1.40.1.1

1.41.0.0

1.41.0.1

1.41.2.2

1.41.2.3

1.43.0.0

1.43.0.1

1.43.0.2

1.44.0.0

1.44.0.1

1.45.0.0

1.45.0.1

1.46.0.0

1.46.0.1

1.47.0.0

1.47.0.1

1.47.1.0

1.48.0.0

1.48.0.1

1.48.0.2

1.48.1.0

1.48.1.1

1.5.0

1.50.0.0

1.50.0.1

1.51.0.0

1.51.0.1

1.52.0.0

1.52.0.1

1.53.0.0

1.53.0.1

1.54.0.0

1.54.0.1

1.55.0.0

1.55.0.1

1.56.0.0

1.56.0.1

1.57.0.0

1.57.0.1

1.57.0.3

1.57.0.4

1.57.0.5

1.6.0

1.7.0

1.7.1

1.8.0

1.8.1

1.8.2

1.9.0

1.9.1

1.9.2

pre_1.*

pre_1.27.6.0

pre_1.27.8.0

pre_1.27.9.0

pre_1.28.0.0

pre_1.29.0.0

pre_1.29.1.0

pre_1.29.2.0

pre_1.30.0.0

pre_1.32.0.0

pre_1.32.0.1

pre_1.33.0.0

pre_1.33.1.0

pre_1.33.2.0

pre_1.34.0.0

pre_1.34.1.0

pre_1.35.0.0

pre_1.36.0.0

pre_1.36.1.0

pre_1.36.1.4

pre_1.36.2.0

pre_1.37.0.0

pre_1.38.0.0

pre_1.38.0.1

pre_1.39.0.0

pre_1.39.1.0

pre_1.39.2.0

pre_1.40.0.0

pre_1.40.1.0

pre_1.41.0.0

pre_1.41.1.0

pre_1.41.2.1

pre_1.41.2.2

pre_1.42.0.0

pre_1.42.1.0

pre_1.43.0.0

pre_1.44.0.0

pre_1.45.0.0

pre_1.46.0.0

pre_1.46.0.10

pre_1.47.0.0

pre_1.47.1.0

pre_1.48.0.0

pre_1.48.0.1

pre_1.48.1.0

pre_1.49.0.0

pre_1.50.0.0

pre_1.50.1.0

pre_1.51.0.0

pre_1.52.0.0

pre_1.53.0.0

pre_1.54.0.0

pre_1.55.0.0

pre_1.56.0.0

pre_1.57.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0584.json"