WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

VK Blocks < 1.54.0 - Multiple Stored XSS

Description

The plugins do not sanitise and escape some parameters, which could lead to Stored Cross-Site Scripting issues

Affects Plugins

vk-blocks
Fixed in version 1.54.0
vk-blocks-pro
Fixed in version 1.54.0

References

CVE
CVE-2023-27923
CVE
CVE-2023-27925
CVE
CVE-2023-27926
CVE
CVE-2023-28367
URL
https://jvn.jp/en/jp/JVN95792402/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

apple502j

Verified

No

WPVDB ID
83c33320-8d11-439e-b8c0-5c6b83670168

Timeline

Publicly Published

2023-05-09 (about 4 months ago)

Added

2023-05-11 (about 4 months ago)

Last Updated

2023-05-11 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin