WordPress Plugin Vulnerabilities

VK Blocks < 1.54.0 - Multiple Stored XSS

Description

The plugins do not sanitise and escape some parameters, which could lead to Stored Cross-Site Scripting issues

Affects Plugins

Plugin icon
vk-blocks
Fixed in 1.54.0
Plugin icon
vk-blocks-pro
Fixed in 1.54.0

References

CVE
CVE-2023-27923
CVE
CVE-2023-27925
CVE
CVE-2023-27926
CVE
CVE-2023-28367
URL
https://jvn.jp/en/jp/JVN95792402/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
apple502j
Verified
No
WPVDB ID
83c33320-8d11-439e-b8c0-5c6b83670168

Timeline

Publicly Published
2023-05-09 (about 1 years ago)
Added
2023-05-11 (about 1 years ago)
Last Updated
2023-05-11 (about 1 years ago)

Other

Published
Title
Published
2013-09-24
Title
Sharebar < 1.4.1 - Reflected Cross-Site Scripting (XSS)
Published
2020-07-12
Title
Newsletter < 6.7.7 - Authenticated Stored Cross-Site Scripting
Published
2022-08-31
Title
Image Hover Effects Ultimate < 9.8.0 - Authenticated Stored XSS
Published
2024-03-13
Title
Visualizer < 3.10.6 - Reflected Cross-Site Scripting
Published
2024-03-04
Title
SiteOrigin Widgets Bundle < 1.58.8 - Authenticated (Contributor+) Stored Cross-Site Scripting