WordPress Plugin Vulnerabilities

VK Block Patterns < 1.31.1.1 - Missing Authorization

Description

The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbp_clear_patterns_cache() function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns cache.

Affects Plugins

Plugin icon
vk-block-patterns
Fixed in 1.31.1.1

References

CVE
CVE-2024-32826
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/90c0be4a-1146-4a17-918e-ed5362bde022

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
2b66e59e-6903-42cc-b21f-f2c30ac75ab3

Timeline

Publicly Published
2024-04-22 (about 2 years ago)
Added
2024-04-29 (about 2 years ago)
Last Updated
2024-04-29 (about 2 years ago)

Other

Published
Title
Published
2024-04-05
Title
JS Help Desk – Best Help Desk & Support Plugin < 2.8.4 - Missing Authorization
Published
2024-04-05
Title
Responsive Lightbox < 2.4.7 - Information Disclosure
Published
2024-02-19
Title
Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization to Arbitrary Plugin Deactivation
Published
2023-09-27
Title
Schema App Structured Data < 1.22.4 - Missing Authorization via page_init
Published
2024-09-25
Title
WP Datepicker < 2.1.2 - Missing Authorization