cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0623,https://securityvulnerability.io/vulnerability/CVE-2024-0623,Cross-Site Request Forgery Vulnerability in VK Block Patterns Plugin for WordPress,The VK Block Patterns plugin for WordPress exhibits a vulnerability allowing unauthenticated attackers to exploit Cross-Site Request Forgery due to inadequate nonce validation in the vbp_clear_patterns_cache() function. This flaw enables an attacker to potentially clear the patterns cache by tricking a site administrator into interacting with a malicious request. Affected users should take immediate action to mitigate risks by updating to the latest version of the plugin.,Wordpress,VK Block Patterns,4.3,MEDIUM,0.0005099999834783375,false,,false,false,true,true,false,false,2024-01-20T05:37:45.759Z,0
CVE-2023-5706,https://securityvulnerability.io/vulnerability/CVE-2023-5706,Stored Cross-Site Scripting in VK Blocks for WordPress,"The VK Blocks plugin for WordPress contains a vulnerability that allows Stored Cross-Site Scripting (XSS) through the 'vk-blocks/ancestor-page-list' block. This occurs due to inadequate sanitization and escaping of user-supplied attributes, enabling authenticated attackers with contributor-level privileges to inject harmful web scripts into pages. These scripts will execute whenever a user visits a compromised page, creating significant risks for WordPress site security.",Wordpress,VK Blocks,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-11-22T16:15:00.000Z,0
CVE-2023-0583,https://securityvulnerability.io/vulnerability/CVE-2023-0583,Improper Authorization in VK Blocks Plugin for WordPress,"The VK Blocks plugin for WordPress is affected by a vulnerability that allows authenticated users with contributor-level permissions or higher to exploit the REST 'update_vk_blocks_options' function. This improper authorization issue enables attackers to modify plugin settings, including changing default icons, posing a significant risk to site integrity and user experience. Users should ensure they are running the latest version to mitigate this vulnerability.",Wordpress,VK Blocks,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-03T02:15:00.000Z,0
CVE-2023-0584,https://securityvulnerability.io/vulnerability/CVE-2023-0584,Improper Authorization Vulnerability in VK Blocks Plugin for WordPress,"The VK Blocks plugin for WordPress features a vulnerability that allows authenticated users with contributor-level permissions or higher to exploit the REST API's 'update_options' function. This flaw enables these attackers to modify the 'vk_font_awesome_version' setting to any value, which could lead to unintended behavior or further exploitation. Versions up to and including 1.57.0.5 are impacted, making it crucial for administrators to take protective measures.",Wordpress,VK Blocks,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-03T02:15:00.000Z,0