Improper Authorization in VK Blocks Plugin for WordPress
CVE-2023-0583
4.3MEDIUM
What is CVE-2023-0583?
The VK Blocks plugin for WordPress is affected by a vulnerability that allows authenticated users with contributor-level permissions or higher to exploit the REST 'update_vk_blocks_options' function. This improper authorization issue enables attackers to modify plugin settings, including changing default icons, posing a significant risk to site integrity and user experience. Users should ensure they are running the latest version to mitigate this vulnerability.
Affected Version(s)
VK Blocks * <= 1.57.0.5